Check the scsi tracker 'st' for NULL and st->smid for zero (as the driver uses smid starting from one) before accessing it. These checks are added as there are possibilities of getting a valid scsi_cmd when the driver calls the scsi_host_find_tag() API while it loops using smid (i.e. tag) from one to the hba queue depth, but the scsi tracker st for this corresponding scsi_cmd is still not yet initialized. For example, below is one such scenario:

Sometimes it is possible that a scsi_cmd might have been created at the SML but not yet issued to the driver (or the driver might have returned the command with Host busy status) as a host reset operation / TMs are in progress. In such a case, where the scsi_cmd has not yet been processed by the driver, the scsi tracker 'st' of that scsi_cmd and the fields of this 'st' will be uninitialized. Hence this patch adds checks for 'st' in the IOCTL path for TMs issued from applications, and also in the host reset path where the driver flushes all the outstanding commands as part of the host reset operation.

Signed-off-by: Chaitra P B <chaitra.basappa@xxxxxxxxxxxx>
Signed-off-by: Suganath Prabu S <suganath-prabu.subramani@xxxxxxxxxxxx>
--- drivers/scsi/mpt3sas/mpt3sas_ctl.c | 5 ++++- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 9 ++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/mpt3sas/mpt3sas_ctl.c b/drivers/scsi/mpt3sas/mpt3sas_ctl.c index c1b17d6..2f27d5c 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_ctl.c +++ b/drivers/scsi/mpt3sas/mpt3sas_ctl.c @@ -590,7 +590,8 @@ _ctl_set_task_mid(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command *karg, struct scsiio_tracker *st; scmd = mpt3sas_scsih_scsi_lookup_get(ioc, smid); - if (!scmd) + if (scmd == NULL || scmd->device == NULL || + scmd->device->hostdata == NULL) continue; if (lun != scmd->device->lun) continue; 
@@ -600,6 +601,8 @@ _ctl_set_task_mid(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command *karg, if (priv_data->sas_target->handle != handle) continue; st = scsi_cmd_priv(scmd); + if ((!st) || (st->smid == 0)) + continue; tm_request->TaskMID = cpu_to_le16(st->smid); found = 1; } diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c index c9cce65..6b1aaa0 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c +++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c @@ -1465,7 +1465,7 @@ mpt3sas_scsih_scsi_lookup_get(struct MPT3SAS_ADAPTER *ioc, u16 smid) scmd = scsi_host_find_tag(ioc->shost, unique_tag); if (scmd) { st = scsi_cmd_priv(scmd); - if (st->cb_idx == 0xFF) + if ((!st) || (st->cb_idx == 0xFF) || (st->smid == 0)) scmd = NULL; } } @@ -4451,6 +4451,13 @@ _scsih_flush_running_cmds(struct MPT3SAS_ADAPTER *ioc) count++; _scsih_set_satl_pending(scmd, false); st = scsi_cmd_priv(scmd); + /* + * It may be possible that SCSI scmd got prepared by SML + * but it has not issued to the driver, for these type of + * scmd's don't do anything" + */ + if (st && st->smid == 0) + continue; mpt3sas_base_clear_st(ioc, st); scsi_dma_unmap(scmd); if (ioc->pci_error_recovery) -- 1.8.3.1
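Review bot: in the mpt3sas_ctl.c hunk at @@ -590,7 +590,8 @@ (_ctl_set_task_mid), the replacement of `if (!scmd)` with `scmd == NULL || scmd->device == NULL || scmd->device->hostdata == NULL` mixes styles; checkpatch flags explicit comparisons to NULL, so write it as `if (!scmd || !scmd->device || !scmd->device->hostdata)`. The commit message also does not explain why the device and hostdata legs are needed here: only the `scmd->device->lun` dereference is visible in this hunk, and the hostdata use (priv_data->sas_target->handle) sits in the next hunk, so a one-line comment saying that hostdata can be unset while the device is still being set up or torn down would make the intent reviewable.

Review bot: in the mpt3sas_ctl.c hunk at @@ -600,6 +601,8 @@, the added `if ((!st) || (st->smid == 0)) continue;` is redundant with the change this same patch makes to mpt3sas_scsih_scsi_lookup_get(): scmd in this loop comes from that function (visible in the previous hunk, `scmd = mpt3sas_scsih_scsi_lookup_get(ioc, smid);`), which now already returns NULL when st->smid == 0, so this hunk can be dropped. If it is kept for defence in depth, note that scsi_cmd_priv() is simple pointer arithmetic on scmd and cannot return NULL for a non-NULL scmd, so the `!st` leg is dead code, and the extra parentheses around each operand are unnecessary.

Review bot: in the mpt3sas_scsih.c hunk at @@ -1465,7 +1465,7 @@ (mpt3sas_scsih_scsi_lookup_get), `(!st)` can never be true because scsi_cmd_priv() returns the private area immediately following scmd rather than a lookup that can fail, and the same pattern is repeated in the other two hunks; either remove it everywhere or state in the commit message why a NULL is expected. The substantive check is `st->smid == 0`, which relies on the tracker being zero-filled before the driver ever sees the command; since that assumption is what the whole patch rests on, it deserves a comment at this line (where every lookup is filtered) rather than only at the flush path.

Review bot: in the mpt3sas_scsih.c hunk at @@ -4451,6 +4451,13 @@ (_scsih_flush_running_cmds), the `continue` for `st->smid == 0` is placed after `count++` and after `_scsih_set_satl_pending(scmd, false)`, so a command the driver never received is counted as flushed and has its SATL state touched; move the check up so it directly follows `st = scsi_cmd_priv(scmd);` only if nothing before it should run for such a command, and otherwise hoist `st = scsi_cmd_priv(scmd);` and the check above `count++`. The guard is also `st && st->smid == 0`, which is the inverse of the `!st ||` form used in the other two hunks: if st could be NULL this hunk would fall straight into mpt3sas_base_clear_st(ioc, st), so pick one convention. Finally, the new comment has a stray closing double quote at the end of "don't do anything"" and "has not issued" should read "has not been issued".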