review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	James Smart <jsmart2021@gmail.com>
	Mon, 1 Mar 2021 17:18:03 +0000 (09:18 -0800)
committer	Martin K. Petersen <martin.petersen@oracle.com>
	Thu, 4 Mar 2021 22:37:04 +0000 (17:37 -0500)
commit	2693f5deed16e302297fa591862dd9cc560ec3b5
tree	a508d242ab8422a357288c18dd5a313e8f5b9938	tree \| snapshot
parent	68a6a66c5168f3995baed3fc5bee2d4515eb16d0	commit \| diff

scsi: lpfc: Fix stale node accesses on stale RRQ request

Whenever an RRQ needs to be triggered, the DID from the node structure and
node pointer are stored in the RRQ data structure and the RRQ is scheduled
for later transmission. However, at the point in time that the timer
triggers, there's no validation on the node pointer. Reference counters may
have freed the structure. Additionally the DID in the node may no longer be
valid.

Fix by not tracking the node pointer in the RRQ, only the DID. At the time
of the timer expiration, look up the node with the did and if present, send
the RRQ. If no node exists, no need to send the RRQ.

Link: https://lore.kernel.org/r/20210301171821.3427-5-jsmart2021@gmail.com
Co-developed-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

drivers/scsi/lpfc/lpfc_disc.h		diff \| blob \| history
drivers/scsi/lpfc/lpfc_els.c		diff \| blob \| history
drivers/scsi/lpfc/lpfc_sli.c		diff \| blob \| history