| Message ID | 20211117104909.2069-1-sreekanth.reddy@broadcom.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | mpt3sas:Fix kernel panic during drive powercycle test | expand |
On Wed, 17 Nov 2021 16:19:09 +0530, Sreekanth Reddy wrote: > While looping over shost's sdev list it is possible that one > of the drive is getting removed and it's sas_target object is > freed but it's sdev object is still intact with the sdev list. > So, kernel panic occurred while driver trying to access the sas_address > field of sas_target object without checking the sas_target object > for NULL pointer. > > [...] Applied to 5.16/scsi-fixes, thanks! [1/1] mpt3sas:Fix kernel panic during drive powercycle test https://git.kernel.org/mkp/scsi/c/0ee4ba13e09c
diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c index cee7170beae8..bb0036b41825 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c +++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c @@ -3869,7 +3869,7 @@ _scsih_ublock_io_device(struct MPT3SAS_ADAPTER *ioc, shost_for_each_device(sdev, ioc->shost) { sas_device_priv_data = sdev->hostdata; - if (!sas_device_priv_data) + if (!sas_device_priv_data || !sas_device_priv_data->sas_target) continue; if (sas_device_priv_data->sas_target->sas_address != sas_address)
While looping over shost's sdev list it is possible that one of the drive is getting removed and it's sas_target object is freed but it's sdev object is still intact with the sdev list. So, kernel panic occurred while driver trying to access the sas_address field of sas_target object without checking the sas_target object for NULL pointer. Fixes: f92363d12359("mpt3sas: add new driver supporting 12GB SAS") Signed-off-by: Sreekanth Reddy <sreekanth.reddy@broadcom.com> --- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)