lpfc: Fix NULL pointer dereference during PCI error recovery

Message ID 20170517220217.28337-1-gpiccoli@linux.vnet.ibm.com (mailing list archive)
State Accepted, archived

Commit Message

Guilherme G. Piccoli May 17, 2017, 10:02 p.m. UTC
Recent commit on patchset "lpfc updates for 11.2.0.14" fixed an issue
about dereferencing a NULL pointer on port reset. The specific commit,
named "lpfc: Fix system crash when port is reset.", is missing a check
against NULL pointer on lpfc_els_flush_cmd() though.

Since we destroy the queues on adapter resets, like in PCI error
recovery path, we need the validation present on this patch in order
to avoid a NULL pointer dereference when trying to flush commands of
ELS wq, after it has been destroyed (which would lead to a kernel oops).

Tested-by: Raphael Silva <raphasil@linux.vnet.ibm.com>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
---

This patch was rebased against 4.12/scsi-fixes on mkp tree.
I couldn't figure a better way to refer to commits in this
message because they weren't merged on linus tree yet, so
the sha hashes wouldn't make sense. If you have some idea,
please let me know and I can send v2 if desired.

 drivers/scsi/lpfc/lpfc_els.c | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

Martin K. Petersen May 18, 2017, 12:21 a.m. UTC | #1
Guilherme,

> Recent commit on patchset "lpfc updates for 11.2.0.14" fixed an issue
> about dereferencing a NULL pointer on port reset. The specific commit,
> named "lpfc: Fix system crash when port is reset.", is missing a check
> against NULL pointer on lpfc_els_flush_cmd() though.
>
> Since we destroy the queues on adapter resets, like in PCI error
> recovery path, we need the validation present on this patch in order
> to avoid a NULL pointer dereference when trying to flush commands of
> ELS wq, after it has been destroyed (which would lead to a kernel
> oops).

Applied to 4.12/scsi-fixes. Thank you!

Guilherme G. Piccoli May 18, 2017, 1:35 p.m. UTC | #2
On 05/17/2017 09:21 PM, Martin K. Petersen wrote:
> 
> Guilherme,
> 
>> Recent commit on patchset "lpfc updates for 11.2.0.14" fixed an issue
>> about dereferencing a NULL pointer on port reset. The specific commit,
>> named "lpfc: Fix system crash when port is reset.", is missing a check
>> against NULL pointer on lpfc_els_flush_cmd() though.
>>
>> Since we destroy the queues on adapter resets, like in PCI error
>> recovery path, we need the validation present on this patch in order
>> to avoid a NULL pointer dereference when trying to flush commands of
>> ELS wq, after it has been destroyed (which would lead to a kernel
>> oops).
> 
> Applied to 4.12/scsi-fixes. Thank you!
> 

Thanks Martin!
Patch

diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c
index 1d36f82fa369..8e532b39ae93 100644
--- a/drivers/scsi/lpfc/lpfc_els.c
+++ b/drivers/scsi/lpfc/lpfc_els.c
@@ -7451,6 +7451,13 @@  lpfc_els_flush_cmd(struct lpfc_vport *vport)
 	 */
 	spin_lock_irq(&phba->hbalock);
 	pring = lpfc_phba_elsring(phba);
+
+	/* Bail out if we've no ELS wq, like in PCI error recovery case. */
+	if (unlikely(!pring)) {
+		spin_unlock_irq(&phba->hbalock);
+		return;
+	}
+
 	if (phba->sli_rev == LPFC_SLI_REV4)
 		spin_lock(&pring->ring_lock);
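
Review bot: The early return under `if (unlikely(!pring))` leaves lpfc_els_flush_cmd() silently, so a flush that was skipped because the ELS wq is gone leaves no trace in the log, and everything the function does after taking the ring lock is skipped as well. Consider emitting a log message on this path, and confirm that nothing later in the function still has to run when the ring is missing; the hunk shows only the `spin_lock(&pring->ring_lock)` that follows. The added comment could also say why the wq can be absent (the queues are destroyed on adapter reset, per the commit message), so the check is not later mistaken for dead code. The `spin_unlock_irq(&phba->hbalock)` before the return correctly pairs with the `spin_lock_irq` two lines above the check.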