[PATCH 4.14 107/193] scsi: lpfc: fix pci hot plug crash in list_add call

From: Greg Kroah-Hartman
Date: Tue Nov 28 2017 - 06:18:40 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.14 105/193] scsi: sd_zbc: Fix sd_zbc_read_zoned_characteristics()"
Previous message: gengdongjiu: "[question] extract the feature bits width to 4"
In reply to: Greg Kroah-Hartman: "[PATCH 4.14 096/193] ASoC: sun8i-codec: Invert Master / Slave condition"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.14 105/193] scsi: sd_zbc: Fix sd_zbc_read_zoned_characteristics()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.14-stable review patch. If anyone has any objections, please let me know.

------------------

From: Dick Kennedy <dick.kennedy@xxxxxxxxxxxx>

commit 401bb4169da655f3e5d28d0b208182e1ab60bf2a upstream.

During pci hot plug, the kernel crashes in a list_add_call

The lookup by tag function will return null if the IOCB is out of range
or does not have the on txcmplq flag set.

Fix: Check for null return from lookup by tag.

Signed-off-by: Dick Kennedy <dick.kennedy@xxxxxxxxxxxx>
Signed-off-by: James Smart <james.smart@xxxxxxxxxxxx>
Reviewed-by: Johannes Thumshirn <jthumshirn@xxxxxxx>
Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/scsi/lpfc/lpfc_sli.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)

--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -12507,19 +12507,21 @@ lpfc_sli4_els_wcqe_to_rspiocbq(struct lp
/* Look up the ELS command IOCB and create pseudo response IOCB */
cmdiocbq = lpfc_sli_iocbq_lookup_by_tag(phba, pring,
bf_get(lpfc_wcqe_c_request_tag, wcqe));
- /* Put the iocb back on the txcmplq */
- lpfc_sli_ringtxcmpl_put(phba, pring, cmdiocbq);
- spin_unlock_irqrestore(&pring->ring_lock, iflags);
-
if (unlikely(!cmdiocbq)) {
+ spin_unlock_irqrestore(&pring->ring_lock, iflags);
lpfc_printf_log(phba, KERN_WARNING, LOG_SLI,
"0386 ELS complete with no corresponding "
- "cmdiocb: iotag (%d)\n",
- bf_get(lpfc_wcqe_c_request_tag, wcqe));
+ "cmdiocb: 0x%x 0x%x 0x%x 0x%x\n",
+ wcqe->word0, wcqe->total_data_placed,
+ wcqe->parameter, wcqe->word3);
lpfc_sli_release_iocbq(phba, irspiocbq);
return NULL;
}

+ /* Put the iocb back on the txcmplq */
+ lpfc_sli_ringtxcmpl_put(phba, pring, cmdiocbq);
+ spin_unlock_irqrestore(&pring->ring_lock, iflags);
+
/* Fake the irspiocbq and copy necessary response information */
lpfc_sli4_iocb_param_transfer(phba, irspiocbq, cmdiocbq, wcqe);

@@ -17137,7 +17139,8 @@ exit:
if (pcmd && pcmd->virt)
dma_pool_free(phba->lpfc_drb_pool, pcmd->virt, pcmd->phys);
kfree(pcmd);
- lpfc_sli_release_iocbq(phba, iocbq);
+ if (iocbq)
+ lpfc_sli_release_iocbq(phba, iocbq);
lpfc_in_buf_free(phba, &dmabuf->dbuf);
}

Next message: Greg Kroah-Hartman: "[PATCH 4.14 105/193] scsi: sd_zbc: Fix sd_zbc_read_zoned_characteristics()"
Previous message: gengdongjiu: "[question] extract the feature bits width to 4"
In reply to: Greg Kroah-Hartman: "[PATCH 4.14 096/193] ASoC: sun8i-codec: Invert Master / Slave condition"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.14 105/193] scsi: sd_zbc: Fix sd_zbc_read_zoned_characteristics()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]