scsi: qla2xxx: Fix unintialized List head crash
commit
e3dde080ebbdbb4bda8eee35d770714fee8c59ac upstream.
In case of IOCB Queue full or system where memory is low and driver
receives large number of RSCN storm, the stale sp pointer can stay on
gpnid_list resulting in page_fault.
This patch fixes this issue by initializing the sp->elem list head and
removing sp->elem before memory is freed.
Following stack trace is seen
9 [
ffff987b37d1bc60] page_fault at
ffffffffad516768 [exception RIP: qla24xx_async_gpnid+496]
10 [
ffff987b37d1bd10] qla24xx_async_gpnid at
ffffffffc039866d [qla2xxx]
11 [
ffff987b37d1bd80] qla2x00_do_work at
ffffffffc036169c [qla2xxx]
12 [
ffff987b37d1be38] qla2x00_do_dpc_all_vps at
ffffffffc03adfed [qla2xxx]
13 [
ffff987b37d1be78] qla2x00_do_dpc at
ffffffffc036458a [qla2xxx]
14 [
ffff987b37d1bec8] kthread at
ffffffffacebae31
Fixes: 2d73ac6102d9 ("scsi: qla2xxx: Serialize GPNID for multiple RSCN")
Cc: <stable@vger.kernel.org> # v4.17+
Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>