From patchwork Fri Apr  1 13:10:22 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Chad Dupuis <chad.dupuis@qlogic.com>
X-Patchwork-Id: 8724721
Return-Path: <linux-scsi-owner@kernel.org>
X-Original-To: patchwork-linux-scsi@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id 4AA98C0553
	for <patchwork-linux-scsi@patchwork.kernel.org>;
	Fri,  1 Apr 2016 13:51:39 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 7037D203B8
	for <patchwork-linux-scsi@patchwork.kernel.org>;
	Fri,  1 Apr 2016 13:51:38 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 86025203DC
	for <patchwork-linux-scsi@patchwork.kernel.org>;
	Fri,  1 Apr 2016 13:51:37 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1757706AbcDANvg (ORCPT
	<rfc822;patchwork-linux-scsi@patchwork.kernel.org>);
	Fri, 1 Apr 2016 09:51:36 -0400
Received: from mx0b-0016ce01.pphosted.com ([67.231.156.153]:23566 "EHLO
	mx0b-0016ce01.pphosted.com" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1753517AbcDANvf (ORCPT
	<rfc822; linux-scsi@vger.kernel.org>); Fri, 1 Apr 2016 09:51:35 -0400
Received: from pps.filterd (m0085408.ppops.net [127.0.0.1])
	by mx0b-0016ce01.pphosted.com (8.16.0.11/8.16.0.11) with SMTP id
	u31DpVrH018788; Fri, 1 Apr 2016 06:51:31 -0700
Received: from avcashub1.qlogic.com ([198.186.0.115])
	by mx0b-0016ce01.pphosted.com with ESMTP id 2203pbxcem-2
	(version=TLSv1 cipher=AES128-SHA bits=128 verify=NOT);
	Fri, 01 Apr 2016 06:51:31 -0700
Received: from dut6217.mv.qlogic.com (172.29.56.217) by qlc.com (10.1.4.190)
	with Microsoft SMTP Server id 14.3.235.1;
	Fri, 1 Apr 2016 06:51:28 -0700
Received: by dut6217.mv.qlogic.com (Postfix, from userid 0)	id C805B5220C7;
	Fri,  1 Apr 2016 09:10:23 -0400 (EDT)
From: Chad Dupuis <chad.dupuis@qlogic.com>
To: <jejb@linux.vnet.ibm.com>, <martin.petersen@oracle.com>
CC: <chad.dupuis@qlogic.com>, <saurav.kashyap@qlogic.com>,
	<linux-scsi@vger.kernel.org>
Subject: [PATCH 4/5] bnx2fc: Check sc_cmd device and host pointer before
	returning the command to the mid-layer.
Date: Fri, 1 Apr 2016 09:10:22 -0400
Message-ID: <1459516223-32106-5-git-send-email-chad.dupuis@qlogic.com>
X-Mailer: git-send-email 1.7.7
In-Reply-To: <1459516223-32106-1-git-send-email-chad.dupuis@qlogic.com>
References: <1459516223-32106-1-git-send-email-chad.dupuis@qlogic.com>
MIME-Version: 1.0
disclaimer: bypass
X-Proofpoint-Virus-Version: vendor=nai engine=5800 definitions=8121
	signatures=670706
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0
	priorityscore=1501 suspectscore=0
	malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015
	impostorscore=0 lowpriorityscore=0 adultscore=0 classifier=spam
	adjust=0
	reason=mlx scancount=1 engine=8.0.1-1603180000
	definitions=main-1604010203
Sender: linux-scsi-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-scsi.vger.kernel.org>
X-Mailing-List: linux-scsi@vger.kernel.org
X-Spam-Status: No, score=-7.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

When we are in connection recovery and the internal command timer on a request
pops, either the scsi_cmnd->device or scsi_cmnd->device->host back pointers may
be NULL as the device that the command that the request was submitted on may
have been subsequently reaped due to the connection recovery. This can cause
one or both of the pointers above to be NULL and cause a system crash if we try
to return the command to the midlayer.

Instead, double check the pointers before the return to the midlayer so as to
prevent the crash and let the upper layers finish the session recovery and
rediscover the device.

Signed-off-by: Chad Dupuis <chad.dupuis@qlogic.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
---
 drivers/scsi/bnx2fc/bnx2fc_io.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/drivers/scsi/bnx2fc/bnx2fc_io.c b/drivers/scsi/bnx2fc/bnx2fc_io.c
index 0f60e22..33e519d 100644
--- a/drivers/scsi/bnx2fc/bnx2fc_io.c
+++ b/drivers/scsi/bnx2fc/bnx2fc_io.c
@@ -181,12 +181,24 @@ static void bnx2fc_scsi_done(struct bnx2fc_cmd *io_req, int err_code)
 
 	bnx2fc_unmap_sg_list(io_req);
 	io_req->sc_cmd = NULL;
+
+	/* Sanity checks before returning command to mid-layer */
 	if (!sc_cmd) {
 		printk(KERN_ERR PFX "scsi_done - sc_cmd NULL. "
 				    "IO(0x%x) already cleaned up\n",
 		       io_req->xid);
 		return;
 	}
+	if (!sc_cmd->device) {
+		pr_err(PFX "0x%x: sc_cmd->device is NULL.\n", io_req->xid);
+		return;
+	}
+	if (!sc_cmd->device->host) {
+		pr_err(PFX "0x%x: sc_cmd->device->host is NULL.\n",
+		    io_req->xid);
+		return;
+	}
+
 	sc_cmd->result = err_code << 16;
 
 	BNX2FC_IO_DBG(io_req, "sc=%p, result=0x%x, retries=%d, allowed=%d\n",