Message ID | 20241217110408.126413-1-kanie@linux.alibaba.com |
---|---|
State | Superseded |
Headers | show |
Series | [v2] scsi: mpi3mr: fix possible crash when setup bsg fail | expand |
Gentle ping... Best Regards, Guixin Liu 在 2024/12/17 19:04, Guixin Liu 写道: > If bsg_setup_queue() fails, the bsg_queue is assigned a non-NULL value. > Consequently, in mpi3mr_bsg_exit(), the condition > "if(!mrioc->bsg_queue)" will not be satisfied, preventing execution > from entering bsg_remove_queue(), which could lead to a crash. > > Fixes: 4268fa751365 ("scsi: mpi3mr: Add bsg device support") > Signed-off-by: Guixin Liu <kanie@linux.alibaba.com> > --- > Changes from v1 to v2: > - Add return statement when setup bsg queue fail, sorry for the v1 > trouble. > drivers/scsi/mpi3mr/mpi3mr_app.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/drivers/scsi/mpi3mr/mpi3mr_app.c b/drivers/scsi/mpi3mr/mpi3mr_app.c > index 10b8e4dc64f8..7589f48aebc8 100644 > --- a/drivers/scsi/mpi3mr/mpi3mr_app.c > +++ b/drivers/scsi/mpi3mr/mpi3mr_app.c > @@ -2951,6 +2951,7 @@ void mpi3mr_bsg_init(struct mpi3mr_ioc *mrioc) > .max_hw_sectors = MPI3MR_MAX_APP_XFER_SECTORS, > .max_segments = MPI3MR_MAX_APP_XFER_SEGMENTS, > }; > + struct request_queue *q; > > device_initialize(bsg_dev); > > @@ -2966,14 +2967,17 @@ void mpi3mr_bsg_init(struct mpi3mr_ioc *mrioc) > return; > } > > - mrioc->bsg_queue = bsg_setup_queue(bsg_dev, dev_name(bsg_dev), &lim, > + q = bsg_setup_queue(bsg_dev, dev_name(bsg_dev), &lim, > mpi3mr_bsg_request, NULL, 0); > - if (IS_ERR(mrioc->bsg_queue)) { > + if (IS_ERR(q)) { > ioc_err(mrioc, "%s: bsg registration failed\n", > dev_name(bsg_dev)); > device_del(bsg_dev); > put_device(bsg_dev); > + return; > } > + > + mrioc->bsg_queue = q; > } > > /**
On 12/19/24 5:37 PM, Guixin Liu wrote:
> Gentle ping...
Has this patch been tested?
Bart.
在 2024/12/21 01:19, Bart Van Assche 写道: > On 12/19/24 5:37 PM, Guixin Liu wrote: >> Gentle ping... > > Has this patch been tested? > > Bart. Yes, I will send a v3 patch with the crash stack, Best Regards, Guixin Liu
diff --git a/drivers/scsi/mpi3mr/mpi3mr_app.c b/drivers/scsi/mpi3mr/mpi3mr_app.c index 10b8e4dc64f8..7589f48aebc8 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_app.c +++ b/drivers/scsi/mpi3mr/mpi3mr_app.c @@ -2951,6 +2951,7 @@ void mpi3mr_bsg_init(struct mpi3mr_ioc *mrioc) .max_hw_sectors = MPI3MR_MAX_APP_XFER_SECTORS, .max_segments = MPI3MR_MAX_APP_XFER_SEGMENTS, }; + struct request_queue *q; device_initialize(bsg_dev); @@ -2966,14 +2967,17 @@ void mpi3mr_bsg_init(struct mpi3mr_ioc *mrioc) return; } - mrioc->bsg_queue = bsg_setup_queue(bsg_dev, dev_name(bsg_dev), &lim, + q = bsg_setup_queue(bsg_dev, dev_name(bsg_dev), &lim, mpi3mr_bsg_request, NULL, 0); - if (IS_ERR(mrioc->bsg_queue)) { + if (IS_ERR(q)) { ioc_err(mrioc, "%s: bsg registration failed\n", dev_name(bsg_dev)); device_del(bsg_dev); put_device(bsg_dev); + return; } + + mrioc->bsg_queue = q; } /**
If bsg_setup_queue() fails, the bsg_queue is assigned a non-NULL value. Consequently, in mpi3mr_bsg_exit(), the condition "if(!mrioc->bsg_queue)" will not be satisfied, preventing execution from entering bsg_remove_queue(), which could lead to a crash. Fixes: 4268fa751365 ("scsi: mpi3mr: Add bsg device support") Signed-off-by: Guixin Liu <kanie@linux.alibaba.com> --- Changes from v1 to v2: - Add return statement when setup bsg queue fail, sorry for the v1 trouble. drivers/scsi/mpi3mr/mpi3mr_app.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)