Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3ee17f59 authored by Yi Zou's avatar Yi Zou Committed by James Bottomley
Browse files

[SCSI] libfc: fix referencing to fc_fcp_pkt from the frame pointer via fr_fsp() 



In commit 6a716a85, while releasing the DDP context in case frame_send() failed,
the frame may already be freed, so we should store the pointer to fc_fcp_pkt and
release the DDP context using the locally stored fsp instead of getting fsp from
the fr_fsp(fp) on a frame.

Signed-off-by: default avatarYi Zou <yi.zou@intel.com>
Reported-by: default avatarBhanu Prakash Gollapudi <bprakash@broadcom.com>
Tested-by: default avatarRoss Brattain <ross.b.brattain@intel.com>
Signed-off-by: default avatarRobert Love <robert.w.love@intel.com>
Signed-off-by: default avatarJames Bottomley <JBottomley@Parallels.com>
parent 21cc0bd3

drivers/scsi/libfc/fc_exch.c

+6 −2
Original line number Diff line number Diff line
@@ -1981,6 +1981,7 @@ static struct fc_seq *fc_exch_seq_send(struct fc_lport *lport, 
	struct fc_exch *ep;

	struct fc_seq *sp = NULL;

	struct fc_frame_header *fh;

	struct fc_fcp_pkt *fsp = NULL;

	int rc = 1;



	ep = fc_exch_alloc(lport, fp);
@@ -2003,8 +2004,10 @@ static struct fc_seq *fc_exch_seq_send(struct fc_lport *lport, 
	fc_exch_setup_hdr(ep, fp, ep->f_ctl);

	sp->cnt++;



	if (ep->xid <= lport->lro_xid && fh->fh_r_ctl == FC_RCTL_DD_UNSOL_CMD)

	if (ep->xid <= lport->lro_xid && fh->fh_r_ctl == FC_RCTL_DD_UNSOL_CMD) {

		fsp = fr_fsp(fp);

		fc_fcp_ddp_setup(fr_fsp(fp), ep->xid);

	}



	if (unlikely(lport->tt.frame_send(lport, fp)))

		goto err;
@@ -2018,7 +2021,8 @@ static struct fc_seq *fc_exch_seq_send(struct fc_lport *lport, 
	spin_unlock_bh(&ep->ex_lock);

	return sp;

err:

	fc_fcp_ddp_done(fr_fsp(fp));

	if (fsp)

		fc_fcp_ddp_done(fsp);

	rc = fc_exch_done_locked(ep);

	spin_unlock_bh(&ep->ex_lock);

	if (!rc)