Commit b7672ae6 authored Sep 29, 2017 by Dick Kennedy Committed by Martin K. Petersen Oct 02, 2017

scsi: lpfc: Fix crash in lpfc_nvme_fcp_io_submit during LIP

The driver is seeing a NULL pointer in lpfc_nvme_fcp_io_submit. This
was ultimately due to a transport AER being sent on a terminated
controller, thus some of the values were not set. In case we're in a
system without a corrected transport and in case a race condition occurs
where we enter the routine as the teardown is happening in a separate
thread, validate the parameters before starting the io.

Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

parent 42270dce

drivers/scsi/lpfc/lpfc_nvme.c

+10 −0

Original line number	Diff line number	Diff line
		@@ -1235,6 +1235,16 @@ lpfc_nvme_fcp_io_submit(struct nvme_fc_local_port *pnvme_lport,
		vport = lport->vport;
		phba = vport->phba;

		/* Validate pointers. */
		if (!pnvme_lport \|\| !pnvme_rport \|\| !freqpriv) {
		lpfc_printf_vlog(vport, KERN_INFO, LOG_NVME_IOERR \| LOG_NODE,
		"6117 No Send:IO submit ptrs NULL, lport %p, "
		"rport %p fcreq_priv %p\n",
		pnvme_lport, pnvme_rport, freqpriv);
		ret = -ENODEV;
		goto out_fail;
		}

		#ifdef CONFIG_SCSI_LPFC_DEBUG_FS
		if (phba->ktime_on)
		start = ktime_get_ns();

Admin message