From patchwork Thu Apr  5 15:46:25 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Chaitra P B <chaitra.basappa@broadcom.com>
X-Patchwork-Id: 10324827
Return-Path: <linux-scsi-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	9EFA06053F for <patchwork-linux-scsi@patchwork.kernel.org>;
	Thu,  5 Apr 2018 15:47:14 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8B877292CB
	for <patchwork-linux-scsi@patchwork.kernel.org>;
	Thu,  5 Apr 2018 15:47:14 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 800EC292CD; Thu,  5 Apr 2018 15:47:14 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU,
	RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D366E292CB
	for <patchwork-linux-scsi@patchwork.kernel.org>;
	Thu,  5 Apr 2018 15:47:13 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751443AbeDEPrN (ORCPT
	<rfc822;patchwork-linux-scsi@patchwork.kernel.org>);
	Thu, 5 Apr 2018 11:47:13 -0400
Received: from mail-wm0-f65.google.com ([74.125.82.65]:37046 "EHLO
	mail-wm0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751439AbeDEPrM (ORCPT
	<rfc822; linux-scsi@vger.kernel.org>); Thu, 5 Apr 2018 11:47:12 -0400
Received: by mail-wm0-f65.google.com with SMTP id r131so8453521wmb.2
	for <linux-scsi@vger.kernel.org>;
	Thu, 05 Apr 2018 08:47:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=broadcom.com; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=0o0kN/GXvTkHUp2oSMBA7v3J2sL+/TjZxkVeGfG3bcI=;
	b=Q0uei1y8PrvVjcH83+i2MUs2pMFOGj2A+tHC0zcpas+X+g07PSivSjMR/FNomFWo2V
	rj6FYNkVrHWfmFcgv5HRT9Hfwqj0De2VOlfbfzGA6Yfq3BAWzuIIN8pzOFEWohUPGcuA
	Xsm6Rapa7kHPsqDbfEfSbdAWwA1S634otGNRE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=0o0kN/GXvTkHUp2oSMBA7v3J2sL+/TjZxkVeGfG3bcI=;
	b=Z1YU4Xnscrgbg6MNMNkP/4actb/dZc0mnJyN2fWAnFXhia8ogR3Mma/TWLfzUz+mAr
	Xo4wGbLIb8ICqaR5t4b5N94LAR0RS7USXjG2+HeAiv7wnK9byWckpf5dTXmfWxUdODCS
	wqY+3L+i0LWklizLtS1EkthtON1Y2t0O3L5hIwIfKtXprx1tqg96Zhxu2QK0lj88NVg7
	dnzaKpRafrbqYSggvTaNnmI0cK4YNFo5LyPwXme/d76rF9oWwv1clmKOWeITP7Vxa2Ha
	ZvZSZONKN1Nae40PsHRcwUKdZSwLJGxijHierRzPMp/Uq/FQ4pNLhu2CCV1CZaaN/CR8
	rgfg==
X-Gm-Message-State: ALQs6tC1r6b16ptWphrCh/BTZzuszzpSuwdQeCuKvsXDi0M4+396IIdg
	Li0t5WBn6snYzolB5lRUhvcA4/8Z
X-Google-Smtp-Source: 
 AIpwx4+YO/cNGivXASmWEUsfQNhxh+TeIXw8I7vvVPLN3RKr7VrIzaHFDT9B2hQvZCTy0ddde4hTTg==
X-Received: by 10.80.177.234 with SMTP id n39mr3519589edd.108.1522943231406;
	Thu, 05 Apr 2018 08:47:11 -0700 (PDT)
Received: from localhost.localdomain.localdomain ([192.19.234.250])
	by smtp.gmail.com with ESMTPSA id
	p91sm4745777edp.65.2018.04.05.08.47.08
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 05 Apr 2018 08:47:10 -0700 (PDT)
From: Chaitra P B <chaitra.basappa@broadcom.com>
To: linux-scsi@vger.kernel.org
Cc: Sathya.Prakash@broadcom.com, sreekanth.reddy@broadcom.com,
	suganath-prabu.subramani@broadcom.com,
	Chaitra P B <chaitra.basappa@broadcom.com>
Subject: [PATCH v1 03/15] mpt3sas: Add sanity checks for scsi tracker before
	accessing it.
Date: Thu,  5 Apr 2018 11:46:25 -0400
Message-Id: <1522943197-5408-4-git-send-email-chaitra.basappa@broadcom.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1522943197-5408-1-git-send-email-chaitra.basappa@broadcom.com>
References: <1522943197-5408-1-git-send-email-chaitra.basappa@broadcom.com>
Sender: linux-scsi-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-scsi.vger.kernel.org>
X-Mailing-List: linux-scsi@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Check scsi tracker 'st' for NULL and st->smid for zero (as driver uses smid
starting from one) before accessing it.
These checks are added as there are possibilities for getting valid
scsi_cmd when driver calls scsi_host_find_tag() API when it loops using
smid(i.e tag) from one to hba queue depth but still scsi tracker st for
this corresponding scsi_cmd is not yet initialized.

For example below are such scenario:
Sometimes it is possible that scsi_cmd might have created at SML but it
might not be issued to the driver (or driver might have returned the
command with Host busy status) as the host reset operation / TMs is in
progress.In such case where the scsi_cmd is not yet processed by driver
then the scsi tracker 'st' of that scsi_cmd & the fields of this 'st' will
be uninitialized.
And hence this patch add checks for 'st' in IOCTL path for TMs issued from
applications and also in host reset path where driver flushes all the
outstanding commands as part of host reset operation.

Signed-off-by: Chaitra P B <chaitra.basappa@broadcom.com>
Signed-off-by: Suganath Prabu S <suganath-prabu.subramani@broadcom.com>
---
 drivers/scsi/mpt3sas/mpt3sas_ctl.c   | 5 ++++-
 drivers/scsi/mpt3sas/mpt3sas_scsih.c | 9 ++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/mpt3sas/mpt3sas_ctl.c b/drivers/scsi/mpt3sas/mpt3sas_ctl.c
index c1b17d6..2f27d5c 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_ctl.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_ctl.c
@@ -590,7 +590,8 @@ _ctl_set_task_mid(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command *karg,
 		struct scsiio_tracker *st;
 
 		scmd = mpt3sas_scsih_scsi_lookup_get(ioc, smid);
-		if (!scmd)
+		if (scmd == NULL || scmd->device == NULL ||
+				scmd->device->hostdata == NULL)
 			continue;
 		if (lun != scmd->device->lun)
 			continue;
@@ -600,6 +601,8 @@ _ctl_set_task_mid(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command *karg,
 		if (priv_data->sas_target->handle != handle)
 			continue;
 		st = scsi_cmd_priv(scmd);
+		if ((!st) || (st->smid == 0))
+			continue;
 		tm_request->TaskMID = cpu_to_le16(st->smid);
 		found = 1;
 	}
diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
index c9cce65..6b1aaa0 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
@@ -1465,7 +1465,7 @@ mpt3sas_scsih_scsi_lookup_get(struct MPT3SAS_ADAPTER *ioc, u16 smid)
 		scmd = scsi_host_find_tag(ioc->shost, unique_tag);
 		if (scmd) {
 			st = scsi_cmd_priv(scmd);
-			if (st->cb_idx == 0xFF)
+			if ((!st) || (st->cb_idx == 0xFF) || (st->smid == 0))
 				scmd = NULL;
 		}
 	}
@@ -4451,6 +4451,13 @@ _scsih_flush_running_cmds(struct MPT3SAS_ADAPTER *ioc)
 		count++;
 		_scsih_set_satl_pending(scmd, false);
 		st = scsi_cmd_priv(scmd);
+		/*
+		 * It may be possible that SCSI scmd got prepared by SML
+		 * but it has not issued to the driver, for these type of
+		 * scmd's don't do anything"
+		 */
+		if (st && st->smid == 0)
+			continue;
 		mpt3sas_base_clear_st(ioc, st);
 		scsi_dma_unmap(scmd);
 		if (ioc->pci_error_recovery)