scsi: qla2xxx: Fix NULL pointer dereference for fcport search
Crash dump shows following instructions
crash> bt
PID: 0 TASK: ffffffffbe412480 CPU: 0 COMMAND: "swapper/0"
#0 [ffff891ee0003868] machine_kexec at ffffffffbd063ef1
#1 [ffff891ee00038c8] __crash_kexec at ffffffffbd12b6f2
#2 [ffff891ee0003998] crash_kexec at ffffffffbd12c84c
#3 [ffff891ee00039b8] oops_end at ffffffffbd030f0a
#4 [ffff891ee00039e0] no_context at ffffffffbd074643
#5 [ffff891ee0003a40] __bad_area_nosemaphore at ffffffffbd07496e
#6 [ffff891ee0003a90] bad_area_nosemaphore at ffffffffbd074a64
#7 [ffff891ee0003aa0] __do_page_fault at ffffffffbd074b0a
#8 [ffff891ee0003b18] do_page_fault at ffffffffbd074fc8
#9 [ffff891ee0003b50] page_fault at ffffffffbda01925
[exception RIP: qlt_schedule_sess_for_deletion+15]
RIP: ffffffffc02e526f RSP: ffff891ee0003c08 RFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffffc0307847
RDX: 00000000000020e6 RSI: ffff891edbc377c8 RDI: 0000000000000000
RBP: ffff891ee0003c18 R8: ffffffffc02f0b20 R9: 0000000000000250
R10: 0000000000000258 R11: 000000000000b780 R12: ffff891ed9b43000
R13: 00000000000000f0 R14: 0000000000000006 R15: ffff891edbc377c8
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#10 [ffff891ee0003c20] qla2x00_fcport_event_handler at ffffffffc02853d3 [qla2xxx]
#11 [ffff891ee0003cf0] __dta_qla24xx_async_gnl_sp_done_333 at ffffffffc0285a1d [qla2xxx]
#12 [ffff891ee0003de8] qla24xx_process_response_queue at ffffffffc02a2eb5 [qla2xxx]
#13 [ffff891ee0003e88] qla24xx_msix_rsp_q at ffffffffc02a5403 [qla2xxx]
#14 [ffff891ee0003ec0] __handle_irq_event_percpu at ffffffffbd0f4c59
#15 [ffff891ee0003f10] handle_irq_event_percpu at ffffffffbd0f4e02
#16 [ffff891ee0003f40] handle_irq_event at ffffffffbd0f4e90
#17 [ffff891ee0003f68] handle_edge_irq at ffffffffbd0f8984
#18 [ffff891ee0003f88] handle_irq at ffffffffbd0305d5
#19 [ffff891ee0003fb8] do_IRQ at ffffffffbda02a18
--- <IRQ stack> ---
#20 [ffffffffbe403d30] ret_from_intr at ffffffffbda0094e
[exception RIP: unknown or invalid address]
RIP: 000000000000001f RSP: 0000000000000000 RFLAGS: fff3b8c2091ebb3f
RAX: ffffbba5a0000200 RBX: 0000be8cdfa8f9fa RCX: 0000000000000018
RDX: 0000000000000101 RSI: 000000000000015d RDI: 0000000000000193
RBP: 0000000000000083 R8: ffffffffbe403e38 R9: 0000000000000002
R10: 0000000000000000 R11: ffffffffbe56b820 R12: ffff891ee001cf00
R13: ffffffffbd11c0a4 R14: ffffffffbe403d60 R15: 0000000000000001
ORIG_RAX: ffff891ee0022ac0 CS: 0000 SS: ffffffffffffffb9
bt: WARNING: possibly bogus exception frame
#21 [ffffffffbe403dd8] cpuidle_enter_state at ffffffffbd67c6fd
#22 [ffffffffbe403e40] cpuidle_enter at ffffffffbd67c907
#23 [ffffffffbe403e50] call_cpuidle at ffffffffbd0d98f3
#24 [ffffffffbe403e60] do_idle at ffffffffbd0d9b42
#25 [ffffffffbe403e98] cpu_startup_entry at ffffffffbd0d9da3
#26 [ffffffffbe403ec0] rest_init at ffffffffbd81d4aa
#27 [ffffffffbe403ed0] start_kernel at ffffffffbe67d2ca
#28 [ffffffffbe403f28] x86_64_start_reservations at ffffffffbe67c675
#29 [ffffffffbe403f38] x86_64_start_kernel at ffffffffbe67c6eb
#30 [ffffffffbe403f50] secondary_startup_64 at ffffffffbd0000d5
Fixes: 040036bb0b ("scsi: qla2xxx: Delay loop id allocation at login")
Cc: <stable@vger.kernel.org> # v4.17+
Signed-off-by: Chuck Anderson <chuck.anderson@oracle.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This commit is contained in:
Chuck Anderson
Martin K. Petersen
parent
d48cc67cd4
commit
36eb8ff672
|
|
@ -591,12 +591,14 @@ static void qla24xx_handle_gnl_done_event(scsi_qla_host_t *vha,
|
|||
conflict_fcport =
|
||||
qla2x00_find_fcport_by_wwpn(vha,
|
||||
e->port_name, 0);
|
||||
ql_dbg(ql_dbg_disc, vha, 0x20e6,
|
||||
"%s %d %8phC post del sess\n",
|
||||
__func__, __LINE__,
|
||||
conflict_fcport->port_name);
|
||||
qlt_schedule_sess_for_deletion
|
||||
(conflict_fcport);
|
||||
if (conflict_fcport) {
|
||||
qlt_schedule_sess_for_deletion
|
||||
(conflict_fcport);
|
||||
ql_dbg(ql_dbg_disc, vha, 0x20e6,
|
||||
"%s %d %8phC post del sess\n",
|
||||
__func__, __LINE__,
|
||||
conflict_fcport->port_name);
|
||||
}
|
||||
}
|
||||
|
||||
/* FW already picked this loop id for another fcport */
|
||||
|
|
|
|||
Loading…
Reference in New Issue