diff options
| author | James Smart <jsmart2021@gmail.com> | 2017-04-22 02:49:08 +0200 |
|---|---|---|
| committer | Christoph Hellwig <hch@lst.de> | 2017-04-25 20:00:58 +0200 |
| commit | bbe3012b73b592dfe5f4340a14373840f51887b6 (patch) | |
| tree | bcc1fa183ac7c391c3a002c3bfd6bb6446a99fe8 /drivers/scsi/lpfc/lpfc_nvme.h | |
| parent | lpfc revison 11.2.0.12 (diff) | |
| download | linux-bbe3012b73b592dfe5f4340a14373840f51887b6.tar.xz linux-bbe3012b73b592dfe5f4340a14373840f51887b6.zip | |
lpfc: Fix memory corruption of the lpfc_ncmd->list pointers
lpfc was changing the private pointer that is set/maintained by
the nvme_fc transport. This caused two issues: a) the transport, on
teardown may erroneous attempt to free whatever address was set;
and b) lfpc uses any value set in lpfc_nvme_fcp_abort() and
assumes its a valid io request.
Correct issue by properly defining a context structure for lpfc.
Lpfc also updated to clear the private context structure on io
completion.
Since this bug caused scrutiny of the way lpfc moves local request
structures between lists, also cleaned up list_del()'s to
list_del_inits()'s.
This is a nvme-specific bug. The patch was cut against the
linux-block tree, for-4.12/block tree. It should be pulled in through
that tree.
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Diffstat (limited to 'drivers/scsi/lpfc/lpfc_nvme.h')
| -rw-r--r-- | drivers/scsi/lpfc/lpfc_nvme.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/drivers/scsi/lpfc/lpfc_nvme.h b/drivers/scsi/lpfc/lpfc_nvme.h index 2582f46edf05..ec32f45daa66 100644 --- a/drivers/scsi/lpfc/lpfc_nvme.h +++ b/drivers/scsi/lpfc/lpfc_nvme.h @@ -97,3 +97,7 @@ struct lpfc_nvme_buf { uint64_t ts_data_nvme; #endif }; + +struct lpfc_nvme_fcpreq_priv { + struct lpfc_nvme_buf *nvme_buf; +}; |