| Message ID | 20191018162111.8798-1-dwagner@suse.de (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | 535fb49e730a6fe1e9f11af4ae67ef4228ff4287 |
| Headers | show |
| Series | scsi: lpfc: Check queue pointer before use | expand |
On 10/18/2019 9:21 AM, Daniel Wagner wrote: > The queue pointer might not be valid. The rest of the code checks the > pointer before accessing it. lpfc_sli4_process_missed_mbox_completions > is the only place where the check is missing. > > Fixes: 657add4e5e15 ("scsi: lpfc: Fix poor use of hardware queues if fewer irq vectors") > Cc: James Smart <jsmart2021@gmail.com> > Signed-off-by: Daniel Wagner <dwagner@suse.de> > --- > Hi, > > Not entirely sure if this correct. I tried to understand the logic of > the mentioned patch but failed to grasps all the details. Anyway, we > observe a crash in lpfc_sli4_process_missed_mbox_completions() while > iterating the array. All but the last one entry has a valid pointer. > > Thanks, > Daniel > > drivers/scsi/lpfc/lpfc_sli.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c > index 379c37451645..149966ba8a17 100644 > --- a/drivers/scsi/lpfc/lpfc_sli.c > +++ b/drivers/scsi/lpfc/lpfc_sli.c > @@ -7906,7 +7906,7 @@ lpfc_sli4_process_missed_mbox_completions(struct lpfc_hba *phba) > if (sli4_hba->hdwq) { > for (eqidx = 0; eqidx < phba->cfg_irq_chann; eqidx++) { > eq = phba->sli4_hba.hba_eq_hdl[eqidx].eq; > - if (eq->queue_id == sli4_hba->mbx_cq->assoc_qid) { > + if (eq && eq->queue_id == sli4_hba->mbx_cq->assoc_qid) { > fpeq = eq; > break; > } looks fine. Thanks! Reviewed by: James Smart <james.smart@broadcom.com> -- james
Daniel, > The queue pointer might not be valid. The rest of the code checks the > pointer before accessing it. lpfc_sli4_process_missed_mbox_completions > is the only place where the check is missing. Applied to 5.4/scsi-fixes, thanks!
diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c index 379c37451645..149966ba8a17 100644 --- a/drivers/scsi/lpfc/lpfc_sli.c +++ b/drivers/scsi/lpfc/lpfc_sli.c @@ -7906,7 +7906,7 @@ lpfc_sli4_process_missed_mbox_completions(struct lpfc_hba *phba) if (sli4_hba->hdwq) { for (eqidx = 0; eqidx < phba->cfg_irq_chann; eqidx++) { eq = phba->sli4_hba.hba_eq_hdl[eqidx].eq; - if (eq->queue_id == sli4_hba->mbx_cq->assoc_qid) { + if (eq && eq->queue_id == sli4_hba->mbx_cq->assoc_qid) { fpeq = eq; break; }
The queue pointer might not be valid. The rest of the code checks the pointer before accessing it. lpfc_sli4_process_missed_mbox_completions is the only place where the check is missing. Fixes: 657add4e5e15 ("scsi: lpfc: Fix poor use of hardware queues if fewer irq vectors") Cc: James Smart <jsmart2021@gmail.com> Signed-off-by: Daniel Wagner <dwagner@suse.de> --- Hi, Not entirely sure if this correct. I tried to understand the logic of the mentioned patch but failed to grasps all the details. Anyway, we observe a crash in lpfc_sli4_process_missed_mbox_completions() while iterating the array. All but the last one entry has a valid pointer. Thanks, Daniel drivers/scsi/lpfc/lpfc_sli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)