public inbox for linux-scsi@vger.kernel.org
From: Mike Christie <michaelc@cs.wisc.edu>
To: Ravi Anand <ravi.anand@qlogic.com>
Cc: James Bottomley <james.bottomley@suse.de>,
	Linux-SCSI Mailing List <linux-scsi@vger.kernel.org>,
	Vikas Chaudhary <vikas.chaudhary@qlogic.com>,
	Karen Higgins <karen.higgins@qlogic.com>
Subject: Re: [PATCH 06/12] qla4xxx: fixed NULL pointer dereference in eh_device_reset
Date: Tue, 06 Apr 2010 23:18:44 -0500
Message-ID: <4BBC07A4.6060207@cs.wisc.edu>
In-Reply-To: <4BBC01F9.7090409@cs.wisc.edu>

On 04/06/2010 10:54 PM, Mike Christie wrote:
> On 04/06/2010 05:14 AM, Ravi Anand wrote:
>> From: Vikas Chaudhary<vikas.chaudhary@qlogic.com>
>>
>> Created variables to reference h, b, t, l, because if
>> scsi passthru command completes within eh_device_reset,
>> the cmd structure may no longer be valid.
>
>
>> @@ -1587,16 +1587,34 @@ static int qla4xxx_eh_wait_for_commands(struct
>> scsi_qla_host *ha,
>> **/
>> static int qla4xxx_eh_device_reset(struct scsi_cmnd *cmd)
>> {
>> - struct scsi_qla_host *ha = to_qla_host(cmd->device->host);
>> - struct ddb_entry *ddb_entry = cmd->device->hostdata;
>> + struct scsi_qla_host *ha;
>> + struct ddb_entry *ddb_entry;
>> int ret = FAILED, stat;
>> + struct Scsi_Host *h;
>> + unsigned int b, t, l;
>> +
>> + if (cmd == NULL) {
>> + DEBUG2(printk(KERN_INFO "%s: **** SCSI mid-layer passing in"
>> + " NULL cmd DEVICE RESET - cmd already"
>> + " completed.\n", __func__));
>> + return SUCCESS;
>> + }
>>
>> - if (!ddb_entry)
>> - return ret;
>> + h = cmd->device->host;
>> + b = cmd->device->channel;
>> + t = cmd->device->id;
>> + l = cmd->device->lun;
>> + ha = to_qla_host(h);
>> + ddb_entry = cmd->device->hostdata;
>
>
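Review bot: The `cmd == NULL` check at the top of qla4xxx_eh_device_reset() does not cover the case the commit message describes. A command that completes during the reset leaves a stale pointer, not a NULL one, and the reads of cmd->device->host, channel, id and lun directly below still go through cmd. Returning SUCCESS from that branch also reports a device reset that was never issued. Either drop the check or add a comment naming the caller that can pass NULL. The visible lines also remove the `if (!ddb_entry) return ret;` guard; it should follow the new `ddb_entry = cmd->device->hostdata;` assignment unless the rest of the hunk already restores it.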
> Could it complete normally while you are accessing the cmd above still?

Actually, I do not think it matters. For pass through did you mean 
scsi_reset_provider? If so the scmd passed to you for the 
scsi_reset_provider code path is allocated by scsi_reset_provider, so it 
is fine. For the normal code path (the scsi_unjam_host path), the scsi 
completion code is supposed to prevent the scsi cmd from getting 
completed when that code is running. If it is not then I think we are 
going to have other problems.

Thread overview: 3+ messages
2010-04-06 10:14 [PATCH 06/12] qla4xxx: fixed NULL pointer dereference in eh_device_reset Ravi Anand
2010-04-07  3:54 ` Mike Christie
2010-04-07  4:18   ` Mike Christie [this message]
