From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx2.suse.de ([195.135.220.15]:60274 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754234AbbLAHpm (ORCPT ); Tue, 1 Dec 2015 02:45:42 -0500 Message-ID: <1448955939.3103.0.camel@suse.de> Subject: Re: [PATCH v2 2/4] bfa:Fix for crash when bfa_itnim is NULL From: Johannes Thumshirn To: anil.gurumurthy@qlogic.com, martin.petersen@oracle.com, James.Bottomley@HansenPartnership.com Cc: linux-scsi@vger.kernel.org, stable@vger.kernel.org Date: Tue, 01 Dec 2015 08:45:39 +0100 In-Reply-To: <1448528040-24954-1-git-send-email-anil.gurumurthy@qlogic.com> References: <1448528040-24954-1-git-send-email-anil.gurumurthy@qlogic.com> Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org List-ID: On Thu, 2015-11-26 at 03:54 -0500, anil.gurumurthy@qlogic.com wrote: > From: Anil Gurumurthy > > Fix a very corner case when the port gets disconnected and the BFA and FCS > layers clean up references to the IT nexus. > During this window if a task management command is issued by the SCSI-ML and > ends up > referencing a NULL itnim, it could lead to a crash. > > Signed-off-by: Sudarsana Kalluru > Signed-off-by: Anil Gurumurthy > --- >  drivers/scsi/bfa/bfad_im.c |   26 ++++++++++++++++++++++++++ >  1 files changed, 26 insertions(+), 0 deletions(-) > > diff --git a/drivers/scsi/bfa/bfad_im.c b/drivers/scsi/bfa/bfad_im.c > index efcb247..2c0cf8a 100644 > --- a/drivers/scsi/bfa/bfad_im.c > +++ b/drivers/scsi/bfa/bfad_im.c 
> @@ -272,6 +272,19 @@ bfad_im_target_reset_send(struct bfad_s *bfad, struct > scsi_cmnd *cmnd, >   cmnd->host_scribble = NULL; >   cmnd->SCp.Status = 0; >   bfa_itnim = bfa_fcs_itnim_get_halitn(&itnim->fcs_itnim); > + /* > +  * bfa_itnim can be NULL if the port gets disconnected and the bfa > +  * and fcs layers have cleaned up their nexus with the targets and > +  * the same has not been cleaned up by the shim > +  */ > + if (bfa_itnim == NULL) { > + bfa_tskim_free(tskim); > + BFA_LOG(KERN_ERR, bfad, bfa_log_level, > + "target reset, bfa_itnim is NULL\n"); > + rc = BFA_STATUS_FAILED; > + goto out; > + } > + >   memset(&scsilun, 0, sizeof(scsilun)); >   bfa_tskim_start(tskim, bfa_itnim, scsilun, >       FCP_TM_TARGET_RESET, BFAD_TARGET_RESET_TMO); > @@ -327,6 +340,19 @@ bfad_im_reset_lun_handler(struct scsi_cmnd *cmnd) >   cmnd->SCp.ptr = (char *)&wq; >   cmnd->SCp.Status = 0; >   bfa_itnim = bfa_fcs_itnim_get_halitn(&itnim->fcs_itnim); > + /* > +  * bfa_itnim can be NULL if the port gets disconnected and the bfa > +  * and fcs layers have cleaned up their nexus with the targets and > +  * the same has not been cleaned up by the shim > +  */ > + if (bfa_itnim == NULL) { > + bfa_tskim_free(tskim); > + BFA_LOG(KERN_ERR, bfad, bfa_log_level, > + "lun reset, bfa_itnim is NULL\n"); > + spin_unlock_irqrestore(&bfad->bfad_lock, flags); > + rc = FAILED; > + goto out; > + } >   int_to_scsilun(cmnd->device->lun, &scsilun); >   bfa_tskim_start(tskim, bfa_itnim, scsilun, >       FCP_TM_LUN_RESET, BFAD_LUN_RESET_TMO); Reviewed-by: Johannes Thumshirn
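Review bot: In the bfad_im_target_reset_send hunk (@@ -272), the new NULL path does "goto out" without touching bfad->bfad_lock, while the same path in bfad_im_reset_lun_handler calls spin_unlock_irqrestore(&bfad->bfad_lock, flags) first. If this function is always entered with the lock held by its caller, state that in the new comment, so the asymmetry between the two error paths is clearly intentional. If it is not, the bfa_itnim lookup and the NULL check are not serialized against the cleanup the comment describes, and the check only narrows the window. The log text "target reset, bfa_itnim is NULL" also does not say which target was affected; including an identifier from itnim would make the KERN_ERR line usable when triaging a port disconnect.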
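Review bot: In the bfad_im_reset_lun_handler hunk (@@ -327), the error path calls BFA_LOG(KERN_ERR, ...) before spin_unlock_irqrestore(&bfad->bfad_lock, flags), so the message is emitted with the lock held and interrupts disabled. Keep bfa_tskim_free(tskim) under the lock if it needs it, but move the unlock ahead of the log call. The comment block and the check are a verbatim copy of the ones added to bfad_im_target_reset_send, and only the log string, the unlock and the rc value (FAILED here, BFA_STATUS_FAILED there) differ. A one-line comment here that refers to the first would be enough. This hunk also omits the blank line after the closing brace that the first hunk adds, so the new block runs straight into int_to_scsilun().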