aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/scsi/lpfc/lpfc_scsi.c
diff options
context:
space:
mode:
authorJames Smart <James.Smart@Emulex.Com>2006-07-06 15:50:16 -0400
committerJames Bottomley <jejb@mulgrave.il.steeleye.com>2006-07-09 11:43:43 -0400
commit420b630d6e9ff41dc3e2a2a2808b67907951e094 (patch)
treeea841e7d646a7cfd37358321e922f63e48d70ed7 /drivers/scsi/lpfc/lpfc_scsi.c
parentbcf4dbfaf38502d3919e0601c06afac7d5e42685 (diff)
[SCSI] lpfc 8.1.7: Fix panic in lpfc_sli_validate_fcp_iocb
Fix panic in lpfc_sli_validate_fcp_iocb due to access of scsi_cmnd after returning it to the midlayer Signed-off-by: James Smart <James.Smart@emulex.com> Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
Diffstat (limited to 'drivers/scsi/lpfc/lpfc_scsi.c')
-rw-r--r--drivers/scsi/lpfc/lpfc_scsi.c22
1 files changed, 12 insertions, 10 deletions
diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c
index d45616e70c67..a760a44173df 100644
--- a/drivers/scsi/lpfc/lpfc_scsi.c
+++ b/drivers/scsi/lpfc/lpfc_scsi.c
@@ -616,6 +616,7 @@ lpfc_scsi_prep_cmnd(struct lpfc_hba * phba, struct lpfc_scsi_buf * lpfc_cmd,
616static int 616static int
617lpfc_scsi_prep_task_mgmt_cmd(struct lpfc_hba *phba, 617lpfc_scsi_prep_task_mgmt_cmd(struct lpfc_hba *phba,
618 struct lpfc_scsi_buf *lpfc_cmd, 618 struct lpfc_scsi_buf *lpfc_cmd,
619 unsigned int lun,
619 uint8_t task_mgmt_cmd) 620 uint8_t task_mgmt_cmd)
620{ 621{
621 struct lpfc_sli *psli; 622 struct lpfc_sli *psli;
@@ -634,8 +635,7 @@ lpfc_scsi_prep_task_mgmt_cmd(struct lpfc_hba *phba,
634 piocb = &piocbq->iocb; 635 piocb = &piocbq->iocb;
635 636
636 fcp_cmnd = lpfc_cmd->fcp_cmnd; 637 fcp_cmnd = lpfc_cmd->fcp_cmnd;
637 int_to_scsilun(lpfc_cmd->pCmd->device->lun, 638 int_to_scsilun(lun, &lpfc_cmd->fcp_cmnd->fcp_lun);
638 &lpfc_cmd->fcp_cmnd->fcp_lun);
639 fcp_cmnd->fcpCntl2 = task_mgmt_cmd; 639 fcp_cmnd->fcpCntl2 = task_mgmt_cmd;
640 640
641 piocb->ulpCommand = CMD_FCP_ICMND64_CR; 641 piocb->ulpCommand = CMD_FCP_ICMND64_CR;
@@ -662,14 +662,16 @@ lpfc_scsi_prep_task_mgmt_cmd(struct lpfc_hba *phba,
662 662
663static int 663static int
664lpfc_scsi_tgt_reset(struct lpfc_scsi_buf * lpfc_cmd, struct lpfc_hba * phba, 664lpfc_scsi_tgt_reset(struct lpfc_scsi_buf * lpfc_cmd, struct lpfc_hba * phba,
665 unsigned tgt_id, struct lpfc_rport_data *rdata) 665 unsigned tgt_id, unsigned int lun,
666 struct lpfc_rport_data *rdata)
666{ 667{
667 struct lpfc_iocbq *iocbq; 668 struct lpfc_iocbq *iocbq;
668 struct lpfc_iocbq *iocbqrsp; 669 struct lpfc_iocbq *iocbqrsp;
669 int ret; 670 int ret;
670 671
671 lpfc_cmd->rdata = rdata; 672 lpfc_cmd->rdata = rdata;
672 ret = lpfc_scsi_prep_task_mgmt_cmd(phba, lpfc_cmd, FCP_TARGET_RESET); 673 ret = lpfc_scsi_prep_task_mgmt_cmd(phba, lpfc_cmd, lun,
674 FCP_TARGET_RESET);
673 if (!ret) 675 if (!ret)
674 return FAILED; 676 return FAILED;
675 677
@@ -977,12 +979,12 @@ lpfc_reset_lun_handler(struct scsi_cmnd *cmnd)
977 if (lpfc_cmd == NULL) 979 if (lpfc_cmd == NULL)
978 goto out; 980 goto out;
979 981
980 lpfc_cmd->pCmd = cmnd;
981 lpfc_cmd->timeout = 60; 982 lpfc_cmd->timeout = 60;
982 lpfc_cmd->scsi_hba = phba; 983 lpfc_cmd->scsi_hba = phba;
983 lpfc_cmd->rdata = rdata; 984 lpfc_cmd->rdata = rdata;
984 985
985 ret = lpfc_scsi_prep_task_mgmt_cmd(phba, lpfc_cmd, FCP_LUN_RESET); 986 ret = lpfc_scsi_prep_task_mgmt_cmd(phba, lpfc_cmd, cmnd->device->lun,
987 FCP_LUN_RESET);
986 if (!ret) 988 if (!ret)
987 goto out_free_scsi_buf; 989 goto out_free_scsi_buf;
988 990
@@ -1009,7 +1011,6 @@ lpfc_reset_lun_handler(struct scsi_cmnd *cmnd)
1009 cmd_status = iocbqrsp->iocb.ulpStatus; 1011 cmd_status = iocbqrsp->iocb.ulpStatus;
1010 1012
1011 lpfc_sli_release_iocbq(phba, iocbqrsp); 1013 lpfc_sli_release_iocbq(phba, iocbqrsp);
1012 lpfc_release_scsi_buf(phba, lpfc_cmd);
1013 1014
1014 /* 1015 /*
1015 * All outstanding txcmplq I/Os should have been aborted by the device. 1016 * All outstanding txcmplq I/Os should have been aborted by the device.
@@ -1048,6 +1049,8 @@ lpfc_reset_lun_handler(struct scsi_cmnd *cmnd)
1048 } 1049 }
1049 1050
1050out_free_scsi_buf: 1051out_free_scsi_buf:
1052 lpfc_release_scsi_buf(phba, lpfc_cmd);
1053
1051 lpfc_printf_log(phba, KERN_ERR, LOG_FCP, 1054 lpfc_printf_log(phba, KERN_ERR, LOG_FCP,
1052 "%d:0713 SCSI layer issued LUN reset (%d, %d) " 1055 "%d:0713 SCSI layer issued LUN reset (%d, %d) "
1053 "Data: x%x x%x x%x\n", 1056 "Data: x%x x%x x%x\n",
@@ -1078,7 +1081,6 @@ lpfc_reset_bus_handler(struct scsi_cmnd *cmnd)
1078 1081
1079 /* The lpfc_cmd storage is reused. Set all loop invariants. */ 1082 /* The lpfc_cmd storage is reused. Set all loop invariants. */
1080 lpfc_cmd->timeout = 60; 1083 lpfc_cmd->timeout = 60;
1081 lpfc_cmd->pCmd = cmnd;
1082 lpfc_cmd->scsi_hba = phba; 1084 lpfc_cmd->scsi_hba = phba;
1083 1085
1084 /* 1086 /*
@@ -1098,8 +1100,8 @@ lpfc_reset_bus_handler(struct scsi_cmnd *cmnd)
1098 if (!match) 1100 if (!match)
1099 continue; 1101 continue;
1100 1102
1101 ret = lpfc_scsi_tgt_reset(lpfc_cmd, phba, 1103 ret = lpfc_scsi_tgt_reset(lpfc_cmd, phba, i, cmnd->device->lun,
1102 i, ndlp->rport->dd_data); 1104 ndlp->rport->dd_data);
1103 if (ret != SUCCESS) { 1105 if (ret != SUCCESS) {
1104 lpfc_printf_log(phba, KERN_ERR, LOG_FCP, 1106 lpfc_printf_log(phba, KERN_ERR, LOG_FCP,
1105 "%d:0713 Bus Reset on target %d failed\n", 1107 "%d:0713 Bus Reset on target %d failed\n",