authorRaghava Aditya Renukunta <RaghavaAditya.Renukunta@microsemi.com>2017-03-14 12:20:19 -0400
committerMartin K. Petersen <martin.petersen@oracle.com>2017-03-15 19:00:36 -0400
commite498520edec6655e93ac5e768b04f4fd2299fe4d (patch)
treeb67c2b8aec38197655f0e3979f5b7daab11c947c
parent5f7c2beef819d9ea2d1b814edf6f5981420e9cf8 (diff)
scsi: aacraid: Fix potential null access
Currently, the command thread fails to return ioctl commands for older controller versions, since it returns when all the fibs have been allocated. Another issue is that even if all the fibs have not been allocated, the correct count of allocated fibs is neither updated nor freed. Fixes: 113156bcea9ef1e6 (scsi: aacraid: Reworked aac_command_thread) Reported-by: Tomas Henzl <thenzl@redhat.com> Signed-off-by: Raghava Aditya Renukunta <RaghavaAditya.Renukunta@microsemi.com> Reviewed-by: Dave Carroll <david.carroll@microsemi.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
-rw-r--r--drivers/scsi/aacraid/commsup.c14
1 files changed, 6 insertions, 8 deletions
diff --git a/drivers/scsi/aacraid/commsup.c b/drivers/scsi/aacraid/commsup.c
index a3ad04293487..c8172f16cf33 100644
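--- a/drivers/scsi/aacraid/commsup.c
+++ b/drivers/scsi/aacraid/commsup.c
@@ -2056,7 +2056,6 @@ static int fillup_pools(struct aac_dev *dev, struct hw_fib **hw_fib_pool,
 {
  struct hw_fib **hw_fib_p;
  struct fib **fib_p;
- int rcode = 1;
 
  hw_fib_p = hw_fib_pool;
  fib_p = fib_pool;
@@ -2074,11 +2073,11 @@ static int fillup_pools(struct aac_dev *dev, struct hw_fib **hw_fib_pool,
  }
  }
 
+ /*
+ * Get the actual number of allocated fibs
+ */
  num = hw_fib_p - hw_fib_pool;
- if (!num)
- rcode = 0;
-
- return rcode;
+ return num;
 }
 
 static void wakeup_fibctx_threads(struct aac_dev *dev,
@@ -2186,7 +2185,6 @@ static void aac_process_events(struct aac_dev *dev)
  struct fib *fib;
  unsigned long flags;
  spinlock_t *t_lock;
- unsigned int rcode;
 
  t_lock = dev->queues->queue[HostNormCmdQueue].lock;
  spin_lock_irqsave(t_lock, flags);
@@ -2269,8 +2267,8 @@ static void aac_process_events(struct aac_dev *dev)
  * Fill up fib pointer pools with actual fibs
  * and hw_fibs
  */
- rcode = fillup_pools(dev, hw_fib_pool, fib_pool, num);
- if (!rcode)
+ num = fillup_pools(dev, hw_fib_pool, fib_pool, num);
+ if (!num)
  goto free_mem;
 
  /*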
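Review bot: The return value of fillup_pools() changes meaning in the second hunk, from a 0/1 status to the count of entries actually filled (`return num;`), but nothing at the function records that contract, and the declared return type stays `int` while the value comes from a pointer difference. A short comment above the function, for example `/* Returns the number of hw_fib_pool entries actually allocated; 0 means none, and slots at or beyond that index must not be used. */`, would keep a later caller from treating the result as a boolean again. In aac_process_events the result overwrites `num`, so every later walk over hw_fib_pool and fib_pool, including the `free_mem` path that is outside the visible hunks, has to be bounded by this updated count. That is presumably the null access the title refers to, and it is worth confirming against the full function. fillup_pools begins outside the hunks shown, and aac_process_events both begins and ends outside them.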