Bart, We will work on this patch and submit. As of now reposting all the patches of this series except this patch. Thanks, Chaitra -----Original Message----- From: Bart Van Assche [mailto:Bart.VanAssche@xxxxxxx] Sent: Friday, April 6, 2018 8:59 PM To: chaitra.basappa@xxxxxxxxxxxx; linux-scsi@xxxxxxxxxxxxxxx Cc: Sathya.Prakash@xxxxxxxxxxxx; sreekanth.reddy@xxxxxxxxxxxx; suganath-prabu.subramani@xxxxxxxxxxxx Subject: Re: [PATCH v1 03/15] mpt3sas: Add sanity checks for scsi tracker before accessing it. On Thu, 2018-04-05 at 11:46 -0400, Chaitra P B wrote: > Check scsi tracker 'st' for NULL and st->smid for zero (as driver uses > smid starting from one) before accessing it. > These checks are added as there are possibilities for getting valid > scsi_cmd when driver calls scsi_host_find_tag() API when it loops > using smid(i.e tag) from one to hba queue depth but still scsi tracker > st for this corresponding scsi_cmd is not yet initialized. > > For example below are such scenario: > Sometimes it is possible that scsi_cmd might have created at SML but > it might not be issued to the driver (or driver might have returned > the command with Host busy status) as the host reset operation / TMs > is in progress.In such case where the scsi_cmd is not yet processed by > driver then the scsi tracker 'st' of that scsi_cmd & the fields of > this 'st' will be uninitialized. > And hence this patch add checks for 'st' in IOCTL path for TMs issued > from applications and also in host reset path where driver flushes all > the outstanding commands as part of host reset operation. What is needed is an explanation about which mechanism serializes the execution of scsih_qcmd() and mpt3sas_base_hard_reset_handler(), at least if such a mechanism exists. The above text does not mention anything about such a synchronization mechanism. > scmd = mpt3sas_scsih_scsi_lookup_get(ioc, smid); > - if (!scmd) > + if (scmd == NULL || scmd->device == NULL || > + scmd->device->hostdata == NULL) As Christoph explained before, scmd->device is never NULL. Additionally, the scmd->device->hostdata check looks very suspicious. That check should scmd->device->either be left out or the race that causes a SCSI device to be removed concurrently with this function should be fixed. If you are unable to motivate why this patch is correct, please repost this series without this patch. Thanks, Bart.