diff options
| author | Robert Love <robert.w.love@intel.com> | 2009-02-27 13:55:34 -0500 |
|---|---|---|
| committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2009-03-06 16:44:36 -0500 |
| commit | efaf5c085dd2d31757b0ff7886970dfddd8d1808 (patch) | |
| tree | c88ab287ed1b78ecad88370c1c8929f17f13c271 /drivers/scsi | |
| parent | d3b33327cab0c8e9cae2c12d908ca79433c0d1ac (diff) | |
[SCSI] libfc: check for err when recv and state is incorrect
If we've just created an interface and the an rport is
logging in we may have a request on the wire (say PRLI).
If we destroy the interface, we'll go through each rport
on the disc->rports list and set each rport's state to NONE.
Then the lport will reset the EM. The EM reset will send a
CLOSED event to the prli_resp() handler which will notice
that the state != PRLI. In this case it frees the frame
pointer, decrements the refcount and unlocks the rport.
The problem is that there isn't a frame in this case. It's
just a pointer with an embedded error code. The free causes
an Oops.
This patch moves the error checking to be before the state
checking.
Signed-off-by: Robert Love <robert.w.love@intel.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Diffstat (limited to 'drivers/scsi')
| -rw-r--r-- | drivers/scsi/libfc/fc_lport.c | 50 | ||||
| -rw-r--r-- | drivers/scsi/libfc/fc_rport.c | 30 |
2 files changed, 40 insertions, 40 deletions
diff --git a/drivers/scsi/libfc/fc_lport.c b/drivers/scsi/libfc/fc_lport.c index 07335ae2947c..c00de2244c78 100644 --- a/drivers/scsi/libfc/fc_lport.c +++ b/drivers/scsi/libfc/fc_lport.c | |||
| @@ -1031,17 +1031,17 @@ static void fc_lport_rft_id_resp(struct fc_seq *sp, struct fc_frame *fp, | |||
| 1031 | 1031 | ||
| 1032 | FC_DEBUG_LPORT("Received a RFT_ID response\n"); | 1032 | FC_DEBUG_LPORT("Received a RFT_ID response\n"); |
| 1033 | 1033 | ||
| 1034 | if (IS_ERR(fp)) { | ||
| 1035 | fc_lport_error(lport, fp); | ||
| 1036 | goto err; | ||
| 1037 | } | ||
| 1038 | |||
| 1034 | if (lport->state != LPORT_ST_RFT_ID) { | 1039 | if (lport->state != LPORT_ST_RFT_ID) { |
| 1035 | FC_DBG("Received a RFT_ID response, but in state %s\n", | 1040 | FC_DBG("Received a RFT_ID response, but in state %s\n", |
| 1036 | fc_lport_state(lport)); | 1041 | fc_lport_state(lport)); |
| 1037 | goto out; | 1042 | goto out; |
| 1038 | } | 1043 | } |
| 1039 | 1044 | ||
| 1040 | if (IS_ERR(fp)) { | ||
| 1041 | fc_lport_error(lport, fp); | ||
| 1042 | goto err; | ||
| 1043 | } | ||
| 1044 | |||
| 1045 | fh = fc_frame_header_get(fp); | 1045 | fh = fc_frame_header_get(fp); |
| 1046 | ct = fc_frame_payload_get(fp, sizeof(*ct)); | 1046 | ct = fc_frame_payload_get(fp, sizeof(*ct)); |
| 1047 | 1047 | ||
| @@ -1083,17 +1083,17 @@ static void fc_lport_rpn_id_resp(struct fc_seq *sp, struct fc_frame *fp, | |||
| 1083 | 1083 | ||
| 1084 | FC_DEBUG_LPORT("Received a RPN_ID response\n"); | 1084 | FC_DEBUG_LPORT("Received a RPN_ID response\n"); |
| 1085 | 1085 | ||
| 1086 | if (IS_ERR(fp)) { | ||
| 1087 | fc_lport_error(lport, fp); | ||
| 1088 | goto err; | ||
| 1089 | } | ||
| 1090 | |||
| 1086 | if (lport->state != LPORT_ST_RPN_ID) { | 1091 | if (lport->state != LPORT_ST_RPN_ID) { |
| 1087 | FC_DBG("Received a RPN_ID response, but in state %s\n", | 1092 | FC_DBG("Received a RPN_ID response, but in state %s\n", |
| 1088 | fc_lport_state(lport)); | 1093 | fc_lport_state(lport)); |
| 1089 | goto out; | 1094 | goto out; |
| 1090 | } | 1095 | } |
| 1091 | 1096 | ||
| 1092 | if (IS_ERR(fp)) { | ||
| 1093 | fc_lport_error(lport, fp); | ||
| 1094 | goto err; | ||
| 1095 | } | ||
| 1096 | |||
| 1097 | fh = fc_frame_header_get(fp); | 1097 | fh = fc_frame_header_get(fp); |
| 1098 | ct = fc_frame_payload_get(fp, sizeof(*ct)); | 1098 | ct = fc_frame_payload_get(fp, sizeof(*ct)); |
| 1099 | if (fh && ct && fh->fh_type == FC_TYPE_CT && | 1099 | if (fh && ct && fh->fh_type == FC_TYPE_CT && |
| @@ -1133,17 +1133,17 @@ static void fc_lport_scr_resp(struct fc_seq *sp, struct fc_frame *fp, | |||
| 1133 | 1133 | ||
| 1134 | FC_DEBUG_LPORT("Received a SCR response\n"); | 1134 | FC_DEBUG_LPORT("Received a SCR response\n"); |
| 1135 | 1135 | ||
| 1136 | if (IS_ERR(fp)) { | ||
| 1137 | fc_lport_error(lport, fp); | ||
| 1138 | goto err; | ||
| 1139 | } | ||
| 1140 | |||
| 1136 | if (lport->state != LPORT_ST_SCR) { | 1141 | if (lport->state != LPORT_ST_SCR) { |
| 1137 | FC_DBG("Received a SCR response, but in state %s\n", | 1142 | FC_DBG("Received a SCR response, but in state %s\n", |
| 1138 | fc_lport_state(lport)); | 1143 | fc_lport_state(lport)); |
| 1139 | goto out; | 1144 | goto out; |
| 1140 | } | 1145 | } |
| 1141 | 1146 | ||
| 1142 | if (IS_ERR(fp)) { | ||
| 1143 | fc_lport_error(lport, fp); | ||
| 1144 | goto err; | ||
| 1145 | } | ||
| 1146 | |||
| 1147 | op = fc_frame_payload_op(fp); | 1147 | op = fc_frame_payload_op(fp); |
| 1148 | if (op == ELS_LS_ACC) | 1148 | if (op == ELS_LS_ACC) |
| 1149 | fc_lport_enter_ready(lport); | 1149 | fc_lport_enter_ready(lport); |
| @@ -1359,17 +1359,17 @@ static void fc_lport_logo_resp(struct fc_seq *sp, struct fc_frame *fp, | |||
| 1359 | 1359 | ||
| 1360 | FC_DEBUG_LPORT("Received a LOGO response\n"); | 1360 | FC_DEBUG_LPORT("Received a LOGO response\n"); |
| 1361 | 1361 | ||
| 1362 | if (IS_ERR(fp)) { | ||
| 1363 | fc_lport_error(lport, fp); | ||
| 1364 | goto err; | ||
| 1365 | } | ||
| 1366 | |||
| 1362 | if (lport->state != LPORT_ST_LOGO) { | 1367 | if (lport->state != LPORT_ST_LOGO) { |
| 1363 | FC_DBG("Received a LOGO response, but in state %s\n", | 1368 | FC_DBG("Received a LOGO response, but in state %s\n", |
| 1364 | fc_lport_state(lport)); | 1369 | fc_lport_state(lport)); |
| 1365 | goto out; | 1370 | goto out; |
| 1366 | } | 1371 | } |
| 1367 | 1372 | ||
| 1368 | if (IS_ERR(fp)) { | ||
| 1369 | fc_lport_error(lport, fp); | ||
| 1370 | goto err; | ||
| 1371 | } | ||
| 1372 | |||
| 1373 | op = fc_frame_payload_op(fp); | 1373 | op = fc_frame_payload_op(fp); |
| 1374 | if (op == ELS_LS_ACC) | 1374 | if (op == ELS_LS_ACC) |
| 1375 | fc_lport_enter_reset(lport); | 1375 | fc_lport_enter_reset(lport); |
| @@ -1443,17 +1443,17 @@ static void fc_lport_flogi_resp(struct fc_seq *sp, struct fc_frame *fp, | |||
| 1443 | 1443 | ||
| 1444 | FC_DEBUG_LPORT("Received a FLOGI response\n"); | 1444 | FC_DEBUG_LPORT("Received a FLOGI response\n"); |
| 1445 | 1445 | ||
| 1446 | if (IS_ERR(fp)) { | ||
| 1447 | fc_lport_error(lport, fp); | ||
| 1448 | goto err; | ||
| 1449 | } | ||
| 1450 | |||
| 1446 | if (lport->state != LPORT_ST_FLOGI) { | 1451 | if (lport->state != LPORT_ST_FLOGI) { |
| 1447 | FC_DBG("Received a FLOGI response, but in state %s\n", | 1452 | FC_DBG("Received a FLOGI response, but in state %s\n", |
| 1448 | fc_lport_state(lport)); | 1453 | fc_lport_state(lport)); |
| 1449 | goto out; | 1454 | goto out; |
| 1450 | } | 1455 | } |
| 1451 | 1456 | ||
| 1452 | if (IS_ERR(fp)) { | ||
| 1453 | fc_lport_error(lport, fp); | ||
| 1454 | goto err; | ||
| 1455 | } | ||
| 1456 | |||
| 1457 | fh = fc_frame_header_get(fp); | 1457 | fh = fc_frame_header_get(fp); |
| 1458 | did = ntoh24(fh->fh_d_id); | 1458 | did = ntoh24(fh->fh_d_id); |
| 1459 | if (fc_frame_payload_op(fp) == ELS_LS_ACC && did != 0) { | 1459 | if (fc_frame_payload_op(fp) == ELS_LS_ACC && did != 0) { |
diff --git a/drivers/scsi/libfc/fc_rport.c b/drivers/scsi/libfc/fc_rport.c index 81b3ca188789..4f23a9bb15a1 100644 --- a/drivers/scsi/libfc/fc_rport.c +++ b/drivers/scsi/libfc/fc_rport.c | |||
| @@ -505,17 +505,17 @@ static void fc_rport_plogi_resp(struct fc_seq *sp, struct fc_frame *fp, | |||
| 505 | FC_DEBUG_RPORT("Received a PLOGI response from port (%6x)\n", | 505 | FC_DEBUG_RPORT("Received a PLOGI response from port (%6x)\n", |
| 506 | rport->port_id); | 506 | rport->port_id); |
| 507 | 507 | ||
| 508 | if (IS_ERR(fp)) { | ||
| 509 | fc_rport_error_retry(rport, fp); | ||
| 510 | goto err; | ||
| 511 | } | ||
| 512 | |||
| 508 | if (rdata->rp_state != RPORT_ST_PLOGI) { | 513 | if (rdata->rp_state != RPORT_ST_PLOGI) { |
| 509 | FC_DBG("Received a PLOGI response, but in state %s\n", | 514 | FC_DBG("Received a PLOGI response, but in state %s\n", |
| 510 | fc_rport_state(rport)); | 515 | fc_rport_state(rport)); |
| 511 | goto out; | 516 | goto out; |
| 512 | } | 517 | } |
| 513 | 518 | ||
| 514 | if (IS_ERR(fp)) { | ||
| 515 | fc_rport_error_retry(rport, fp); | ||
| 516 | goto err; | ||
| 517 | } | ||
| 518 | |||
| 519 | op = fc_frame_payload_op(fp); | 519 | op = fc_frame_payload_op(fp); |
| 520 | if (op == ELS_LS_ACC && | 520 | if (op == ELS_LS_ACC && |
| 521 | (plp = fc_frame_payload_get(fp, sizeof(*plp))) != NULL) { | 521 | (plp = fc_frame_payload_get(fp, sizeof(*plp))) != NULL) { |
| @@ -614,17 +614,17 @@ static void fc_rport_prli_resp(struct fc_seq *sp, struct fc_frame *fp, | |||
| 614 | FC_DEBUG_RPORT("Received a PRLI response from port (%6x)\n", | 614 | FC_DEBUG_RPORT("Received a PRLI response from port (%6x)\n", |
| 615 | rport->port_id); | 615 | rport->port_id); |
| 616 | 616 | ||
| 617 | if (IS_ERR(fp)) { | ||
| 618 | fc_rport_error_retry(rport, fp); | ||
| 619 | goto err; | ||
| 620 | } | ||
| 621 | |||
| 617 | if (rdata->rp_state != RPORT_ST_PRLI) { | 622 | if (rdata->rp_state != RPORT_ST_PRLI) { |
| 618 | FC_DBG("Received a PRLI response, but in state %s\n", | 623 | FC_DBG("Received a PRLI response, but in state %s\n", |
| 619 | fc_rport_state(rport)); | 624 | fc_rport_state(rport)); |
| 620 | goto out; | 625 | goto out; |
| 621 | } | 626 | } |
| 622 | 627 | ||
| 623 | if (IS_ERR(fp)) { | ||
| 624 | fc_rport_error_retry(rport, fp); | ||
| 625 | goto err; | ||
| 626 | } | ||
| 627 | |||
| 628 | op = fc_frame_payload_op(fp); | 628 | op = fc_frame_payload_op(fp); |
| 629 | if (op == ELS_LS_ACC) { | 629 | if (op == ELS_LS_ACC) { |
| 630 | pp = fc_frame_payload_get(fp, sizeof(*pp)); | 630 | pp = fc_frame_payload_get(fp, sizeof(*pp)); |
| @@ -764,17 +764,17 @@ static void fc_rport_rtv_resp(struct fc_seq *sp, struct fc_frame *fp, | |||
| 764 | FC_DEBUG_RPORT("Received a RTV response from port (%6x)\n", | 764 | FC_DEBUG_RPORT("Received a RTV response from port (%6x)\n", |
| 765 | rport->port_id); | 765 | rport->port_id); |
| 766 | 766 | ||
| 767 | if (IS_ERR(fp)) { | ||
| 768 | fc_rport_error(rport, fp); | ||
| 769 | goto err; | ||
| 770 | } | ||
| 771 | |||
| 767 | if (rdata->rp_state != RPORT_ST_RTV) { | 772 | if (rdata->rp_state != RPORT_ST_RTV) { |
| 768 | FC_DBG("Received a RTV response, but in state %s\n", | 773 | FC_DBG("Received a RTV response, but in state %s\n", |
| 769 | fc_rport_state(rport)); | 774 | fc_rport_state(rport)); |
| 770 | goto out; | 775 | goto out; |
| 771 | } | 776 | } |
| 772 | 777 | ||
| 773 | if (IS_ERR(fp)) { | ||
| 774 | fc_rport_error(rport, fp); | ||
| 775 | goto err; | ||
| 776 | } | ||
| 777 | |||
| 778 | op = fc_frame_payload_op(fp); | 778 | op = fc_frame_payload_op(fp); |
| 779 | if (op == ELS_LS_ACC) { | 779 | if (op == ELS_LS_ACC) { |
| 780 | struct fc_els_rtv_acc *rtv; | 780 | struct fc_els_rtv_acc *rtv; |