> On Oct 20, 2017, at 6:17 AM, Douglas Miller <dougmill@xxxxxxxxxxxxxxxxxx> wrote:
>
> On error, kthread_create() returns an errno-encoded pointer, not NULL.
> The routine qla2x00_probe_one() detects the error case and jumps
> to probe_failed, but has already assigned the return value from
> kthread_create() to ha->dpc_thread. Then probe_failed checks to see
> if ha->dpc_thread is not NULL before doing cleanup on it. Since in the
> error case this is also not NULL, it ends up trying to access an invalid
> task pointer.
>
> Solution is to assign NULL to ha->dpc_thread in the error path to avoid
> kthread cleanup in that case.
>
> Signed-off-by: Douglas Miller <dougmill@xxxxxxxxxxxxxxxxxx>
> ---
> drivers/scsi/qla2xxx/qla_os.c | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
> index 9372098..bd39bf2 100644
> --- a/drivers/scsi/qla2xxx/qla_os.c
> +++ b/drivers/scsi/qla2xxx/qla_os.c
> @@ -3212,6 +3212,7 @@ static void qla2x00_iocb_work_fn(struct work_struct *work)
> ql_log(ql_log_fatal, base_vha, 0x00ed,
> "Failed to start DPC thread.\n");
> ret = PTR_ERR(ha->dpc_thread);
> + ha->dpc_thread = NULL;
> goto probe_failed;
> }
> ql_dbg(ql_dbg_init, base_vha, 0x00ee,
> --
> 1.7.1
>
Looks good.

Acked-by: Himanshu Madhani <himanshu.madhani@xxxxxxxxxx>

Thanks,
- Himanshu
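Review bot: the added `ha->dpc_thread = NULL;` is order-sensitive: it must stay after `ret = PTR_ERR(ha->dpc_thread);`, because clearing the pointer first would turn ret into 0 and probe would report success despite the failed kthread_create(). The hunk has the order right; a one-line comment at that spot, or reading the kthread_create() result into a local before storing it in ha->dpc_thread, would keep a later reorder from silently breaking the error path.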