[PATCH AUTOSEL 4.4 15/16] scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response

From: Sasha Levin
Date: Mon May 03 2021 - 13:07:37 EST

Next message: guoren: "[GIT PULL] csky changes for v5.13-rc1"
Previous message: Sasha Levin: "[PATCH AUTOSEL 4.14 23/31] media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove()"
In reply to: Sasha Levin: "[PATCH AUTOSEL 4.4 10/16] media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove()"
Next in thread: Sasha Levin: "[PATCH AUTOSEL 4.4 03/16] media: media/saa7164: fix saa7164_encoder_register() memory leak bugs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: James Smart <jsmart2021@xxxxxxxxx>

[ Upstream commit fffd18ec6579c2d9c72b212169259062fe747888 ]

Fix a crash caused by a double put on the node when the driver completed an
ACC for an unsolicted abort on the same node. The second put was executed
by lpfc_nlp_not_used() and is wrong because the completion routine executes
the nlp_put when the iocbq was released. Additionally, the driver is
issuing a LOGO then immediately calls lpfc_nlp_set_state to put the node
into NPR. This call does nothing.

Remove the lpfc_nlp_not_used call and additional set_state in the
completion routine. Remove the lpfc_nlp_set_state post issue_logo. Isn't
necessary.

Link: https://lore.kernel.org/r/20210412013127.2387-3-jsmart2021@xxxxxxxxx
Co-developed-by: Justin Tee <justin.tee@xxxxxxxxxxxx>
Signed-off-by: Justin Tee <justin.tee@xxxxxxxxxxxx>
Signed-off-by: James Smart <jsmart2021@xxxxxxxxx>
Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/scsi/lpfc/lpfc_nportdisc.c | 2 --
drivers/scsi/lpfc/lpfc_sli.c | 1 -
2 files changed, 3 deletions(-)

diff --git a/drivers/scsi/lpfc/lpfc_nportdisc.c b/drivers/scsi/lpfc/lpfc_nportdisc.c
index 6aa0698925da..1a44102b43c3 100644
--- a/drivers/scsi/lpfc/lpfc_nportdisc.c
+++ b/drivers/scsi/lpfc/lpfc_nportdisc.c
@@ -1604,8 +1604,6 @@ lpfc_cmpl_reglogin_reglogin_issue(struct lpfc_vport *vport,
ndlp->nlp_last_elscmd = ELS_CMD_PLOGI;

lpfc_issue_els_logo(vport, ndlp, 0);
- ndlp->nlp_prev_state = NLP_STE_REG_LOGIN_ISSUE;
- lpfc_nlp_set_state(vport, ndlp, NLP_STE_NPR_NODE);
return ndlp->nlp_state;
}

diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
index 97c0d79a2601..9055a8fce3d4 100644
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -15049,7 +15049,6 @@ lpfc_sli4_seq_abort_rsp_cmpl(struct lpfc_hba *phba,
if (cmd_iocbq) {
ndlp = (struct lpfc_nodelist *)cmd_iocbq->context1;
lpfc_nlp_put(ndlp);
- lpfc_nlp_not_used(ndlp);
lpfc_sli_release_iocbq(phba, cmd_iocbq);
}

--
2.30.2

Next message: guoren: "[GIT PULL] csky changes for v5.13-rc1"
Previous message: Sasha Levin: "[PATCH AUTOSEL 4.14 23/31] media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove()"
In reply to: Sasha Levin: "[PATCH AUTOSEL 4.4 10/16] media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove()"
Next in thread: Sasha Levin: "[PATCH AUTOSEL 4.4 03/16] media: media/saa7164: fix saa7164_encoder_register() memory leak bugs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]