X-Patchwork-Submitter: Petros Koutoupis
X-Patchwork-Id: 9038851
Subject: [PATCH] megaraid: add scsi_cmnd NULL check before use (rev 2)
From: Petros Koutoupis
To: kashyap.desai@avagotech.com, sumit.saxena@avagotech.com, uday.lingala@avagotech.com
Cc: megaraidlinux.pdl@avagotech.com, linux-scsi@vger.kernel.org, "petros@petroskoutoupis.com"
Date: Sun, 08 May 2016 07:11:56 -0500

The current state of the code checks to see if the reference to scsi_cmnd is not null, but it never checks to see if it is null and always assumes it is valid before its use in the switch statement below.
Our customers have been seeing panics in production because of this. This patch addresses that.

Signed-off-by: Petros Koutoupis
---
--- linux/drivers/scsi/megaraid/megaraid_sas_fusion.c.orig 2016-05-07 09:12:56.748969851 -0500 +++ linux/drivers/scsi/megaraid/megaraid_sas_fusion.c 2016-05-07 09:15:29.612967113 -0500 @@ -2277,6 +2277,10 @@ complete_cmd_fusion(struct megasas_insta if (cmd_fusion->scmd) cmd_fusion->scmd->SCp.ptr = NULL; + else if ((!cmd_fusion->scmd) && + ((scsi_io_req->Function == MPI2_FUNCTION_SCSI_IO_REQUEST) || + (scsi_io_req->Function == MEGASAS_MPI2_FUNCTION_LD_IO_REQUEST))) + goto next; scmd_local = cmd_fusion->scmd; status = scsi_io_req->RaidContext.status; @@ -2336,7 +2340,7 @@ complete_cmd_fusion(struct megasas_insta megasas_complete_cmd(instance, cmd_mfi, DID_OK); break; } - +next: fusion->last_reply_idx[MSIxIndex]++; if (fusion->last_reply_idx[MSIxIndex] >= fusion->reply_q_depth)
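
Review bot: In the first hunk (@@ -2277), the "!cmd_fusion->scmd" test in the new "else if" is redundant, because that branch is only reached when "if (cmd_fusion->scmd)" was false; the condition can be reduced to the two scsi_io_req->Function comparisons. The "goto next" also drops the reply without any trace: the changelog reports panics but does not say how a SCSI IO or LD IO reply can arrive with scmd already NULL, so the check may be hiding a double completion or a race elsewhere in the driver. Please log the event (rate-limited, with the Function value) before jumping, and describe the root cause in the commit message.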
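
Review bot: In the second hunk (@@ -2336), the "next:" label sits after the closing brace of the switch, so the new jump bypasses every case body, including any per-command release done there; the visible lines do not show whether cmd_fusion still has to be returned or cleared on the skipped path, and that should be confirmed and stated in the changelog. The label also replaces the blank line that separated the switch from the last_reply_idx update; keeping a blank line before "next:" preserves that separation.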