Fix panic in lpfc_get_stats() Symptoms: Panic on sysfs stats access Cause: In lpfc_get_stats() we are writing to memory that we do not own. Fix: Fix our stats structure allocation. Embed phba->link_stats in struct lpfc_hba and stop treating it like rogue structure. Note: Embedding midlayer/transport structure in our structure caused need for more files to include midlayer/transport headers. Signed-off-by: James Smart <James.Smart@xxxxxxxxxx> --- a/drivers/scsi/lpfc/lpfc_init.c +++ b/drivers/scsi/lpfc/lpfc_init.c @@ -1339,14 +1339,12 @@ lpfc_pci_probe_one(struct pci_dev *pdev, if (pci_request_regions(pdev, LPFC_DRIVER_NAME)) goto out_disable_device; - host = scsi_host_alloc(&lpfc_template, - sizeof (struct lpfc_hba) + sizeof (unsigned long)); + host = scsi_host_alloc(&lpfc_template, sizeof (struct lpfc_hba)); if (!host) goto out_release_regions; phba = (struct lpfc_hba*)host->hostdata; memset(phba, 0, sizeof (struct lpfc_hba)); - phba->link_stats = (void *)&phba[1]; phba->host = host; phba->fc_flag |= FC_LOADING; --- a/drivers/scsi/lpfc/lpfc_mbox.c +++ b/drivers/scsi/lpfc/lpfc_mbox.c @@ -23,6 +23,9 @@ #include <linux/pci.h> #include <linux/interrupt.h> +#include <scsi/scsi_device.h> +#include <scsi/scsi_transport_fc.h> + #include "lpfc_hw.h" #include "lpfc_sli.h" #include "lpfc_disc.h" --- a/drivers/scsi/lpfc/lpfc_ct.c +++ b/drivers/scsi/lpfc/lpfc_ct.c @@ -29,6 +29,7 @@ #include <scsi/scsi_device.h> #include <scsi/scsi_host.h> +#include <scsi/scsi_transport_fc.h> #include "lpfc_hw.h" #include "lpfc_sli.h" --- a/drivers/scsi/lpfc/lpfc_attr.c +++ b/drivers/scsi/lpfc/lpfc_attr.c @@ -988,8 +988,7 @@ lpfc_get_stats(struct Scsi_Host *shost) { struct lpfc_hba *phba = (struct lpfc_hba *)shost->hostdata[0]; struct lpfc_sli *psli = &phba->sli; - struct fc_host_statistics *hs = - (struct fc_host_statistics *)phba->link_stats; + struct fc_host_statistics *hs = &phba->link_stats; LPFC_MBOXQ_t *pmboxq; MAILBOX_t *pmb; int rc=0; @@ -1020,6 +1019,8 @@ lpfc_get_stats(struct Scsi_Host *shost) return NULL; } + memset(hs, 0, sizeof (struct fc_host_statistics)); + hs->tx_frames = pmb->un.varRdStatus.xmitFrameCnt; hs->tx_words = (pmb->un.varRdStatus.xmitByteCnt * 256); hs->rx_frames = pmb->un.varRdStatus.rcvFrameCnt; --- a/drivers/scsi/lpfc/lpfc_mem.c +++ b/drivers/scsi/lpfc/lpfc_mem.c @@ -23,6 +23,9 @@ #include <linux/pci.h> #include <linux/interrupt.h> +#include <scsi/scsi_device.h> +#include <scsi/scsi_transport_fc.h> + #include "lpfc_hw.h" #include "lpfc_sli.h" #include "lpfc_disc.h" --- a/drivers/scsi/lpfc/lpfc.h +++ b/drivers/scsi/lpfc/lpfc.h @@ -342,9 +342,6 @@ struct lpfc_hba { #define VPD_MASK 0xf /* mask for any vpd data */ struct timer_list els_tmofunc; - - void *link_stats; - /* * stat counters */ @@ -370,6 +367,8 @@ struct lpfc_hba { struct list_head freebufList; struct list_head ctrspbuflist; struct list_head rnidrspbuflist; + + struct fc_host_statistics link_stats; }; --- a/drivers/scsi/lpfc/lpfc_sli.c +++ b/drivers/scsi/lpfc/lpfc_sli.c @@ -27,6 +27,7 @@ #include <scsi/scsi_cmnd.h> #include <scsi/scsi_device.h> #include <scsi/scsi_host.h> +#include <scsi/scsi_transport_fc.h> #include "lpfc_hw.h" #include "lpfc_sli.h" - : send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html