projects / platform / kernel / linux-rpi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4adc041)
scsi: lpfc: Fix crash in lpfc nvmet when fc port is reset
authorDick Kennedy <dick.kennedy@broadcom.com>
Wed, 23 Aug 2017 23:55:38 +0000 (16:55 -0700)
committerMartin K. Petersen <martin.petersen@oracle.com>
Fri, 25 Aug 2017 02:29:38 +0000 (22:29 -0400)
In adapter reset tests, an oops was seen with a NULL pointer in
lpfc_free_rq_buffer+0x20/0x60

The driver is failing to properly repost the nvmet sgl list when
recovering from the reset. Thus the driver eventually trys to walk an
errant buffer list.

Corrected the sgl buffer recovery as well as strengthening the
initialization of the bufferlist.

Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
drivers/scsi/lpfc/lpfc_init.c patch | blob | history

diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
index 9294c89..f82618a 100644 (file)
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
@@ -3226,6 +3226,13 @@ lpfc_offline(struct lpfc_hba *phba)
 
        /* stop port and all timers associated with this hba */
        lpfc_stop_port(phba);
+
+       /* Tear down the local and target port registrations.  The
+        * nvme transports need to cleanup.
+        */
+       lpfc_nvmet_destroy_targetport(phba);
+       lpfc_nvme_destroy_localport(phba->pport);
+
        vports = lpfc_create_vport_work_array(phba);
        if (vports != NULL)
                for (i = 0; i <= phba->max_vports && vports[i] != NULL; i++)
@@ -6516,6 +6523,12 @@ lpfc_free_nvmet_sgl_list(struct lpfc_hba *phba)
                lpfc_nvmet_buf_free(phba, sglq_entry->virt, sglq_entry->phys);
                kfree(sglq_entry);
        }
+
+       /* Update the nvmet_xri_cnt to reflect no current sgls.
+        * The next initialization cycle sets the count and allocates
+        * the sgls over again.
+        */
+       phba->sli4_hba.nvmet_xri_cnt = 0;
 }
 
 /**
@@ -8301,6 +8314,9 @@ lpfc_sli4_queue_create(struct lpfc_hba *phba)
                                goto out_error;
                        }
 
+                       /* Put list in known state in case driver load fails. */
+                       INIT_LIST_HEAD(&qdesc->rqbp->rqb_buffer_list);
+
                        /* Create NVMET Receive Queue for data */
                        qdesc = lpfc_sli4_queue_alloc(phba,
                                                      phba->sli4_hba.rq_esize,
Domain: System / Kernel;