kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   c0acc8b15d1b90e8ed1f345e275e7c278b24dc8c
  2.   patches.suse
  3.   scsi-lpfc-Fix-lpfc-overwrite-of-sg_cnt-field-in-nvme.patch
Blob Blame History Raw 
From: James Smart <jsmart2021@gmail.com>
Date: Sun, 22 Mar 2020 11:12:55 -0700
Subject: scsi: lpfc: Fix lpfc overwrite of sg_cnt field in nvmefc_tgt_fcp_req
Patch-mainline: v5.7-rc1
Git-commit: e7f4034912d08a5fdfd7bdbcf9e86e885de1de21
References: bsc#1164777 bsc#1164780 bsc#1165211

In lpfc_nvmet_prep_fcp_wqe() the line "rsp->sg_cnt = 0" is modifying the
transport's data structure. This may result in the transport believing the
s/g list was already freed, thus may not unmap/free it properly.  Lpfc
driver should not modify the transport data structure.

The zeroing of the sg_cnt is to avoid use of the transport's sgl in a
subsequent loop where the driver builds the necessary requests for the
adapter firmware to complete the IO.

Change LLDD to use a local copy of the transport sg_cnt when building
requests to be passed to the adapter fw.

Link: https://lore.kernel.org/r/20200322181304.37655-4-jsmart2021@gmail.com
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Acked-by: Daniel Wagner <dwagner@suse.de>
---
 drivers/scsi/lpfc/lpfc_nvmet.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

--- a/drivers/scsi/lpfc/lpfc_nvmet.c
+++ b/drivers/scsi/lpfc/lpfc_nvmet.c
@@ -2581,7 +2581,7 @@ lpfc_nvmet_prep_fcp_wqe(struct lpfc_hba
 	union lpfc_wqe128 *wqe;
 	struct ulp_bde64 *bde;
 	dma_addr_t physaddr;
-	int i, cnt;
+	int i, cnt, nsegs;
 	int do_pbde;
 	int xc = 1;
 
@@ -2612,6 +2612,7 @@ lpfc_nvmet_prep_fcp_wqe(struct lpfc_hba
 				phba->cfg_nvme_seg_cnt);
 		return NULL;
 	}
+	nsegs = rsp->sg_cnt;
 
 	tgtp = (struct lpfc_nvmet_tgtport *)phba->targetport->private;
 	nvmewqe = ctxp->wqeq;
@@ -2851,7 +2852,7 @@ lpfc_nvmet_prep_fcp_wqe(struct lpfc_hba
 		wqe->fcp_trsp.rsvd_12_15[0] = 0;
 
 		/* Use rspbuf, NOT sg list */
-		rsp->sg_cnt = 0;
+		nsegs = 0;
 		sgl->word2 = 0;
 		atomic_inc(&tgtp->xmt_fcp_rsp);
 		break;
@@ -2868,7 +2869,7 @@ lpfc_nvmet_prep_fcp_wqe(struct lpfc_hba
 	nvmewqe->drvrTimeout = (phba->fc_ratov * 3) + LPFC_DRVR_TIMEOUT;
 	nvmewqe->context1 = ndlp;
 
-	for_each_sg(rsp->sg, sgel, rsp->sg_cnt, i) {
+	for_each_sg(rsp->sg, sgel, nsegs, i) {
 		physaddr = sg_dma_address(sgel);
 		cnt = sg_dma_len(sgel);
 		sgl->addr_hi = putPaddrHigh(physaddr);
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.