Commit 2f6bca20 authored by Xiaofei Tan's avatar Xiaofei Tan Committed by Martin K. Petersen

scsi: hisi_sas: add check of device in hisi_sas_task_exec()

Currently we don't check that device is not gone before dereferencing
its elements in the function hisi_sas_task_exec() (specifically, the DQ
pointer).

This patch fixes this issue by filling in the DQ pointer in
hisi_sas_task_prep() after we check that the device pointer is still
safe to reference.

[mkp: typo]
Signed-off-by: default avatarXiaofei Tan <tanxiaofei@huawei.com>
Signed-off-by: default avatarJohn Garry <john.garry@huawei.com>
Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
parent e85d93b2
...@@ -310,12 +310,13 @@ static void hisi_sas_slot_abort(struct work_struct *work) ...@@ -310,12 +310,13 @@ static void hisi_sas_slot_abort(struct work_struct *work)
task->task_done(task); task->task_done(task);
} }
static int hisi_sas_task_prep(struct sas_task *task, struct hisi_sas_dq *dq, static int hisi_sas_task_prep(struct sas_task *task,
struct hisi_sas_dq **dq_pointer,
int is_tmf, struct hisi_sas_tmf_task *tmf, int is_tmf, struct hisi_sas_tmf_task *tmf,
int *pass) int *pass)
{ {
struct hisi_hba *hisi_hba = dq->hisi_hba;
struct domain_device *device = task->dev; struct domain_device *device = task->dev;
struct hisi_hba *hisi_hba = dev_to_hisi_hba(device);
struct hisi_sas_device *sas_dev = device->lldd_dev; struct hisi_sas_device *sas_dev = device->lldd_dev;
struct hisi_sas_port *port; struct hisi_sas_port *port;
struct hisi_sas_slot *slot; struct hisi_sas_slot *slot;
...@@ -323,8 +324,9 @@ static int hisi_sas_task_prep(struct sas_task *task, struct hisi_sas_dq *dq, ...@@ -323,8 +324,9 @@ static int hisi_sas_task_prep(struct sas_task *task, struct hisi_sas_dq *dq,
struct asd_sas_port *sas_port = device->port; struct asd_sas_port *sas_port = device->port;
struct device *dev = hisi_hba->dev; struct device *dev = hisi_hba->dev;
int dlvry_queue_slot, dlvry_queue, rc, slot_idx; int dlvry_queue_slot, dlvry_queue, rc, slot_idx;
int n_elem = 0, n_elem_req = 0, n_elem_resp = 0; int n_elem = 0, n_elem_req = 0, n_elem_resp = 0;
unsigned long flags, flags_dq; unsigned long flags, flags_dq;
struct hisi_sas_dq *dq;
int wr_q_index; int wr_q_index;
if (!sas_port) { if (!sas_port) {
...@@ -352,6 +354,8 @@ static int hisi_sas_task_prep(struct sas_task *task, struct hisi_sas_dq *dq, ...@@ -352,6 +354,8 @@ static int hisi_sas_task_prep(struct sas_task *task, struct hisi_sas_dq *dq,
return -ECOMM; return -ECOMM;
} }
*dq_pointer = dq = sas_dev->dq;
port = to_hisi_sas_port(sas_port); port = to_hisi_sas_port(sas_port);
if (port && !port->port_attached) { if (port && !port->port_attached) {
dev_info(dev, "task prep: %s port%d not attach device\n", dev_info(dev, "task prep: %s port%d not attach device\n",
...@@ -520,22 +524,21 @@ static int hisi_sas_task_exec(struct sas_task *task, gfp_t gfp_flags, ...@@ -520,22 +524,21 @@ static int hisi_sas_task_exec(struct sas_task *task, gfp_t gfp_flags,
unsigned long flags; unsigned long flags;
struct hisi_hba *hisi_hba = dev_to_hisi_hba(task->dev); struct hisi_hba *hisi_hba = dev_to_hisi_hba(task->dev);
struct device *dev = hisi_hba->dev; struct device *dev = hisi_hba->dev;
struct domain_device *device = task->dev; struct hisi_sas_dq *dq = NULL;
struct hisi_sas_device *sas_dev = device->lldd_dev;
struct hisi_sas_dq *dq = sas_dev->dq;
if (unlikely(test_bit(HISI_SAS_REJECT_CMD_BIT, &hisi_hba->flags))) if (unlikely(test_bit(HISI_SAS_REJECT_CMD_BIT, &hisi_hba->flags)))
return -EINVAL; return -EINVAL;
/* protect task_prep and start_delivery sequence */ /* protect task_prep and start_delivery sequence */
rc = hisi_sas_task_prep(task, dq, is_tmf, tmf, &pass); rc = hisi_sas_task_prep(task, &dq, is_tmf, tmf, &pass);
if (rc) if (rc)
dev_err(dev, "task exec: failed[%d]!\n", rc); dev_err(dev, "task exec: failed[%d]!\n", rc);
spin_lock_irqsave(&dq->lock, flags); if (likely(pass)) {
if (likely(pass)) spin_lock_irqsave(&dq->lock, flags);
hisi_hba->hw->start_delivery(dq); hisi_hba->hw->start_delivery(dq);
spin_unlock_irqrestore(&dq->lock, flags); spin_unlock_irqrestore(&dq->lock, flags);
}
return rc; return rc;
} }
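Review bot: In hisi_sas_task_exec(), `dq` now starts as NULL and is written only by hisi_sas_task_prep() on the path that gets past the `return -ECOMM` exit, so `spin_lock_irqsave(&dq->lock, flags)` is safe only if `pass` can never be non-zero while `dq` is still unset. The declaration of `pass` and the place where `*pass` is set are outside the visible hunks, so this invariant cannot be confirmed from here. I would make it explicit with `if (likely(pass) && dq) {`, or at least add a comment on the `dq_pointer` out-parameter such as `/* *dq_pointer is valid only when *pass is set */`. Separately, hisi_sas_task_prep() still evaluates `dev_to_hisi_hba(device)` and `device->lldd_dev` in its declarations, before any device check visible in these hunks. It is worth confirming that `task->dev` itself cannot be stale at that point.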