Commit ef8d1d51 authored by Johannes Thumshirn's avatar Johannes Thumshirn Committed by Martin K. Petersen

qla2xxx: setup data needed in ISR before setting up the ISR

qla2xxx first calls request_irq() and then does the setup of the queue
entry data needed in the interrupt handlers in when using MSI-X. This
could lead to a NULL pointer dereference when an IRQ fires between the
request_irq() call and the assignment of the qentry data structure to
the rsp->msix field. A possible case for such a race would be in the
kdump case when the HBA's IRQs are still enabled but the driver is
undergoing a new initialisation and thus is not aware of already
activated IRQs in the HBA.
Signed-off-by: default avatarJohannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: default avatarHannes Reinecke <hare@suse.com>
Reviewed-by: default avatarHimanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
parent cb05cbb3
...@@ -3086,6 +3086,8 @@ qla24xx_enable_msix(struct qla_hw_data *ha, struct rsp_que *rsp) ...@@ -3086,6 +3086,8 @@ qla24xx_enable_msix(struct qla_hw_data *ha, struct rsp_que *rsp)
/* Enable MSI-X vectors for the base queue */ /* Enable MSI-X vectors for the base queue */
for (i = 0; i < 2; i++) { for (i = 0; i < 2; i++) {
qentry = &ha->msix_entries[i]; qentry = &ha->msix_entries[i];
qentry->rsp = rsp;
rsp->msix = qentry;
if (IS_P3P_TYPE(ha)) if (IS_P3P_TYPE(ha))
ret = request_irq(qentry->vector, ret = request_irq(qentry->vector,
qla82xx_msix_entries[i].handler, qla82xx_msix_entries[i].handler,
...@@ -3097,8 +3099,6 @@ qla24xx_enable_msix(struct qla_hw_data *ha, struct rsp_que *rsp) ...@@ -3097,8 +3099,6 @@ qla24xx_enable_msix(struct qla_hw_data *ha, struct rsp_que *rsp)
if (ret) if (ret)
goto msix_register_fail; goto msix_register_fail;
qentry->have_irq = 1; qentry->have_irq = 1;
qentry->rsp = rsp;
rsp->msix = qentry;
/* Register for CPU affinity notification. */ /* Register for CPU affinity notification. */
irq_set_affinity_notifier(qentry->vector, &qentry->irq_notify); irq_set_affinity_notifier(qentry->vector, &qentry->irq_notify);
...@@ -3119,12 +3119,12 @@ qla24xx_enable_msix(struct qla_hw_data *ha, struct rsp_que *rsp) ...@@ -3119,12 +3119,12 @@ qla24xx_enable_msix(struct qla_hw_data *ha, struct rsp_que *rsp)
*/ */
if (QLA_TGT_MODE_ENABLED() && IS_ATIO_MSIX_CAPABLE(ha)) { if (QLA_TGT_MODE_ENABLED() && IS_ATIO_MSIX_CAPABLE(ha)) {
qentry = &ha->msix_entries[ATIO_VECTOR]; qentry = &ha->msix_entries[ATIO_VECTOR];
qentry->rsp = rsp;
rsp->msix = qentry;
ret = request_irq(qentry->vector, ret = request_irq(qentry->vector,
qla83xx_msix_entries[ATIO_VECTOR].handler, qla83xx_msix_entries[ATIO_VECTOR].handler,
0, qla83xx_msix_entries[ATIO_VECTOR].name, rsp); 0, qla83xx_msix_entries[ATIO_VECTOR].name, rsp);
qentry->have_irq = 1; qentry->have_irq = 1;
qentry->rsp = rsp;
rsp->msix = qentry;
} }
msix_register_fail: msix_register_fail:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment