| Message ID | 1448528040-24954-1-git-send-email-anil.gurumurthy@qlogic.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Thu, 2015-11-26 at 03:54 -0500, anil.gurumurthy@qlogic.com wrote: > From: Anil Gurumurthy <anil.gurumurthy@qlogic.com> > > Fix a very corner case when the port gets disconnected and the BFA and FCS > layers clean up references to the IT nexus. > During this window if a task management command is issued by the SCSI-ML and > ends up > referencing a NULL itnim, it could lead to a crash. > > Signed-off-by: Sudarsana Kalluru <sudarsana.kalluru@qlogic.com> > Signed-off-by: Anil Gurumurthy <anil.gurumurthy@qlogic.com> > --- > drivers/scsi/bfa/bfad_im.c | 26 ++++++++++++++++++++++++++ > 1 files changed, 26 insertions(+), 0 deletions(-) > > diff --git a/drivers/scsi/bfa/bfad_im.c b/drivers/scsi/bfa/bfad_im.c > index efcb247..2c0cf8a 100644 > --- a/drivers/scsi/bfa/bfad_im.c > +++ b/drivers/scsi/bfa/bfad_im.c > @@ -272,6 +272,19 @@ bfad_im_target_reset_send(struct bfad_s *bfad, struct > scsi_cmnd *cmnd, > cmnd->host_scribble = NULL; > cmnd->SCp.Status = 0; > bfa_itnim = bfa_fcs_itnim_get_halitn(&itnim->fcs_itnim); > + /* > + * bfa_itnim can be NULL if the port gets disconnected and the bfa > + * and fcs layers have cleaned up their nexus with the targets and > + * the same has not been cleaned up by the shim > + */ > + if (bfa_itnim == NULL) { > + bfa_tskim_free(tskim); > + BFA_LOG(KERN_ERR, bfad, bfa_log_level, > + "target reset, bfa_itnim is NULL\n"); > + rc = BFA_STATUS_FAILED; > + goto out; > + } > + > memset(&scsilun, 0, sizeof(scsilun)); > bfa_tskim_start(tskim, bfa_itnim, scsilun, > FCP_TM_TARGET_RESET, BFAD_TARGET_RESET_TMO); > @@ -327,6 +340,19 @@ bfad_im_reset_lun_handler(struct scsi_cmnd *cmnd) > cmnd->SCp.ptr = (char *)&wq; > cmnd->SCp.Status = 0; > bfa_itnim = bfa_fcs_itnim_get_halitn(&itnim->fcs_itnim); > + /* > + * bfa_itnim can be NULL if the port gets disconnected and the bfa > + * and fcs layers have cleaned up their nexus with the targets and > + * the same has not been cleaned up by the shim > + */ > + if (bfa_itnim == NULL) { > + bfa_tskim_free(tskim); > + BFA_LOG(KERN_ERR, bfad, bfa_log_level, > + "lun reset, bfa_itnim is NULL\n"); > + spin_unlock_irqrestore(&bfad->bfad_lock, flags); > + rc = FAILED; > + goto out; > + } > int_to_scsilun(cmnd->device->lun, &scsilun); > bfa_tskim_start(tskim, bfa_itnim, scsilun, > FCP_TM_LUN_RESET, BFAD_LUN_RESET_TMO); Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/scsi/bfa/bfad_im.c b/drivers/scsi/bfa/bfad_im.c index efcb247..2c0cf8a 100644 --- a/drivers/scsi/bfa/bfad_im.c +++ b/drivers/scsi/bfa/bfad_im.c @@ -272,6 +272,19 @@ bfad_im_target_reset_send(struct bfad_s *bfad, struct scsi_cmnd *cmnd, cmnd->host_scribble = NULL; cmnd->SCp.Status = 0; bfa_itnim = bfa_fcs_itnim_get_halitn(&itnim->fcs_itnim); + /* + * bfa_itnim can be NULL if the port gets disconnected and the bfa + * and fcs layers have cleaned up their nexus with the targets and + * the same has not been cleaned up by the shim + */ + if (bfa_itnim == NULL) { + bfa_tskim_free(tskim); + BFA_LOG(KERN_ERR, bfad, bfa_log_level, + "target reset, bfa_itnim is NULL\n"); + rc = BFA_STATUS_FAILED; + goto out; + } + memset(&scsilun, 0, sizeof(scsilun)); bfa_tskim_start(tskim, bfa_itnim, scsilun, FCP_TM_TARGET_RESET, BFAD_TARGET_RESET_TMO); @@ -327,6 +340,19 @@ bfad_im_reset_lun_handler(struct scsi_cmnd *cmnd) cmnd->SCp.ptr = (char *)&wq; cmnd->SCp.Status = 0; bfa_itnim = bfa_fcs_itnim_get_halitn(&itnim->fcs_itnim); + /* + * bfa_itnim can be NULL if the port gets disconnected and the bfa + * and fcs layers have cleaned up their nexus with the targets and + * the same has not been cleaned up by the shim + */ + if (bfa_itnim == NULL) { + bfa_tskim_free(tskim); + BFA_LOG(KERN_ERR, bfad, bfa_log_level, + "lun reset, bfa_itnim is NULL\n"); + spin_unlock_irqrestore(&bfad->bfad_lock, flags); + rc = FAILED; + goto out; + } int_to_scsilun(cmnd->device->lun, &scsilun); bfa_tskim_start(tskim, bfa_itnim, scsilun, FCP_TM_LUN_RESET, BFAD_LUN_RESET_TMO);