scsi: lpfc: devloss timeout race condition caused null pointer reference (b0e83012) · Commits · e / devices / android_kernel_fairphone_FP4

drivers/scsi/lpfc/lpfc_scsi.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -4538,6 +4538,11 @@ lpfc_queuecommand(struct Scsi_Host shost, struct scsi_cmnd cmnd)
		int err;

		rdata = lpfc_rport_data_from_scsi_device(cmnd->device);

		/* sanity check on references */
		if (unlikely(!rdata) \|\| unlikely(!rport))
		goto out_fail_command;

		err = fc_remote_port_chkready(rport);
		if (err) {
		cmnd->result = err;

+9 −4

Original line number	Diff line number	Diff line
		@@ -11091,10 +11091,11 @@ lpfc_sli_validate_fcp_iocb(struct lpfc_iocbq iocbq, struct lpfc_vport vport,
		struct lpfc_scsi_buf *lpfc_cmd;
		int rc = 1;

		if (!(iocbq->iocb_flag & LPFC_IO_FCP))
		if (iocbq->vport != vport)
		return rc;

		if (iocbq->vport != vport)
		if (!(iocbq->iocb_flag & LPFC_IO_FCP) \|\|
		!(iocbq->iocb_flag & LPFC_IO_ON_TXCMPLQ))
		return rc;

		lpfc_cmd = container_of(iocbq, struct lpfc_scsi_buf, cur_iocbq);
		@@ -11104,13 +11105,13 @@ lpfc_sli_validate_fcp_iocb(struct lpfc_iocbq iocbq, struct lpfc_vport vport,

		switch (ctx_cmd) {
		case LPFC_CTX_LUN:
		if ((lpfc_cmd->rdata->pnode) &&
		if ((lpfc_cmd->rdata) && (lpfc_cmd->rdata->pnode) &&
		(lpfc_cmd->rdata->pnode->nlp_sid == tgt_id) &&
		(scsilun_to_int(&lpfc_cmd->fcp_cmnd->fcp_lun) == lun_id))
		rc = 0;
		break;
		case LPFC_CTX_TGT:
		if ((lpfc_cmd->rdata->pnode) &&
		if ((lpfc_cmd->rdata) && (lpfc_cmd->rdata->pnode) &&
		(lpfc_cmd->rdata->pnode->nlp_sid == tgt_id))
		rc = 0;
		break;
		@@ -11225,6 +11226,10 @@ lpfc_sli_abort_iocb(struct lpfc_vport vport, struct lpfc_sli_ring pring,
		int errcnt = 0, ret_val = 0;
		int i;

		/* all I/Os are in process of being flushed */
		if (phba->hba_flag & HBA_FCP_IOQ_FLUSH)
		return errcnt;

		for (i = 1; i <= phba->sli.last_iotag; i++) {
		iocbq = phba->sli.iocbq_lookup[i];