| Message ID | 1551705946-4040-1-git-send-email-William.Kuzeja@stratus.com (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | db0f166e9a37215b15d5d732c98fa15219adccf0 |
| Headers | show |
| Series | qla2xxx: Fix panic in qla_dfs_tgt_counters_show | expand |
On 3/4/19, 5:25 AM, "linux-scsi-owner@vger.kernel.org on behalf of Bill Kuzeja" <linux-scsi-owner@vger.kernel.org on behalf of William.Kuzeja@stratus.com> wrote:
When trying to display tgt_counters in the debugfs, a panic can result.
There is no null check for qpair after it is assigned in the for-loop.
Unless vha->hw->queue_pair_map array is completely filled with entries,
the system will panic dereferencing a null pointer.
Signed-off-by: Bill Kuzeja <william.kuzeja@stratus.com>
---
drivers/scsi/qla2xxx/qla_dfs.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/scsi/qla2xxx/qla_dfs.c b/drivers/scsi/qla2xxx/qla_dfs.c
index 0b19008..d647760 100644
--- a/drivers/scsi/qla2xxx/qla_dfs.c
+++ b/drivers/scsi/qla2xxx/qla_dfs.c
@@ -193,6 +193,8 @@
for (i = 0; i < vha->hw->max_qpairs; i++) {
qpair = vha->hw->queue_pair_map[i];
+ if (!qpair)
+ continue;
qla_core_sbt_cmd += qpair->tgt_counters.qla_core_sbt_cmd;
core_qla_que_buf += qpair->tgt_counters.core_qla_que_buf;
qla_core_ret_ctio += qpair->tgt_counters.qla_core_ret_ctio;
Looks Good.
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Bill, > When trying to display tgt_counters in the debugfs, a panic can result. > > There is no null check for qpair after it is assigned in the for-loop. > Unless vha->hw->queue_pair_map array is completely filled with entries, > the system will panic dereferencing a null pointer. Applied to 5.1/scsi-queue, thanks!
diff --git a/drivers/scsi/qla2xxx/qla_dfs.c b/drivers/scsi/qla2xxx/qla_dfs.c index 0b19008..d647760 100644 --- a/drivers/scsi/qla2xxx/qla_dfs.c +++ b/drivers/scsi/qla2xxx/qla_dfs.c @@ -193,6 +193,8 @@ for (i = 0; i < vha->hw->max_qpairs; i++) { qpair = vha->hw->queue_pair_map[i]; + if (!qpair) + continue; qla_core_sbt_cmd += qpair->tgt_counters.qla_core_sbt_cmd; core_qla_que_buf += qpair->tgt_counters.core_qla_que_buf; qla_core_ret_ctio += qpair->tgt_counters.qla_core_ret_ctio;
When trying to display tgt_counters in the debugfs, a panic can result. There is no null check for qpair after it is assigned in the for-loop. Unless vha->hw->queue_pair_map array is completely filled with entries, the system will panic dereferencing a null pointer. Signed-off-by: Bill Kuzeja <william.kuzeja@stratus.com> --- drivers/scsi/qla2xxx/qla_dfs.c | 2 ++ 1 file changed, 2 insertions(+)