| Message ID | 20170616055651.9674-2-jsmart2021@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
On 06/16/2017 07:56 AM, James Smart wrote: > There is a null pointer dereference that can happen in the FOF interrupt > handler. > > The driver was not setting up cq->assoc_qp_for sli4_hba->oas_cq. > > Initialize cq->assoc_qp before accessing it. > > Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com> > Signed-off-by: James Smart <james.smart@broadcom.com> > --- > drivers/scsi/lpfc/lpfc_sli.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c > index 040575adf9c6..4f2cc395597e 100644 > --- a/drivers/scsi/lpfc/lpfc_sli.c > +++ b/drivers/scsi/lpfc/lpfc_sli.c > @@ -13560,6 +13560,9 @@ lpfc_sli4_fof_handle_eqe(struct lpfc_hba *phba, struct lpfc_eqe *eqe) > return; > } > > + /* Save EQ associated with this CQ */ > + cq->assoc_qp = phba->sli4_hba.fof_eq; > + > /* Process all the entries to the OAS CQ */ > while ((cqe = lpfc_sli4_cq_get(cq))) { > workposted |= lpfc_sli4_fp_handle_cqe(phba, cq, cqe); > Reviewed-by: Hannes Reinecke <hare@suse.com> Cheers, Hannes
diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c index 040575adf9c6..4f2cc395597e 100644 --- a/drivers/scsi/lpfc/lpfc_sli.c +++ b/drivers/scsi/lpfc/lpfc_sli.c @@ -13560,6 +13560,9 @@ lpfc_sli4_fof_handle_eqe(struct lpfc_hba *phba, struct lpfc_eqe *eqe) return; } + /* Save EQ associated with this CQ */ + cq->assoc_qp = phba->sli4_hba.fof_eq; + /* Process all the entries to the OAS CQ */ while ((cqe = lpfc_sli4_cq_get(cq))) { workposted |= lpfc_sli4_fp_handle_cqe(phba, cq, cqe);