| Message ID | 1459516223-32106-5-git-send-email-chad.dupuis@qlogic.com (mailing list archive) |
|---|---|
| State | Changes Requested, archived |
| Headers | show |
On 2016-04-01 15:10, Chad Dupuis wrote: > When we are in connection recovery and the internal command timer on a > request > pops, either the scsi_cmnd->device or scsi_cmnd->device->host back > pointers may > be NULL as the device that the command that the request was submitted > on may > have been subsequently reaped due to the connection recovery. This can > cause > one or both of the pointers above to be NULL and cause a system crash > if we try > to return the command to the midlayer. > > Instead, double check the pointers before the return to the midlayer so > as to > prevent the crash and let the upper layers finish the session recovery > and > rediscover the device. > > Signed-off-by: Chad Dupuis <chad.dupuis@qlogic.com> > --- Looks good, Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/scsi/bnx2fc/bnx2fc_io.c b/drivers/scsi/bnx2fc/bnx2fc_io.c index 0f60e22..33e519d 100644 --- a/drivers/scsi/bnx2fc/bnx2fc_io.c +++ b/drivers/scsi/bnx2fc/bnx2fc_io.c @@ -181,12 +181,24 @@ static void bnx2fc_scsi_done(struct bnx2fc_cmd *io_req, int err_code) bnx2fc_unmap_sg_list(io_req); io_req->sc_cmd = NULL; + + /* Sanity checks before returning command to mid-layer */ if (!sc_cmd) { printk(KERN_ERR PFX "scsi_done - sc_cmd NULL. " "IO(0x%x) already cleaned up\n", io_req->xid); return; } + if (!sc_cmd->device) { + pr_err(PFX "0x%x: sc_cmd->device is NULL.\n", io_req->xid); + return; + } + if (!sc_cmd->device->host) { + pr_err(PFX "0x%x: sc_cmd->device->host is NULL.\n", + io_req->xid); + return; + } + sc_cmd->result = err_code << 16; BNX2FC_IO_DBG(io_req, "sc=%p, result=0x%x, retries=%d, allowed=%d\n",
When we are in connection recovery and the internal command timer on a request pops, either the scsi_cmnd->device or scsi_cmnd->device->host back pointers may be NULL as the device that the command that the request was submitted on may have been subsequently reaped due to the connection recovery. This can cause one or both of the pointers above to be NULL and cause a system crash if we try to return the command to the midlayer. Instead, double check the pointers before the return to the midlayer so as to prevent the crash and let the upper layers finish the session recovery and rediscover the device. Signed-off-by: Chad Dupuis <chad.dupuis@qlogic.com> --- drivers/scsi/bnx2fc/bnx2fc_io.c | 12 ++++++++++++ 1 file changed, 12 insertions(+)