scsi: lpfc: Fix crash in lpfc_sli_ringtxcmpl_put when nvmet gets an abort request.

When running nvme detach-ns /dev/nvme0n1 -n 1 command, the nvmet lpfc driver crashes with this stack dump: kernel BUG at /root/NVME/lpfc_8.4/lpfc_sli.c:1393! invalid opcode: 0000 [#1] SMP Workqueue: nvmet-fc-cpu0 nvmet_fc_do_work_on_cpu [nvmet_fc] lpfc_sli4_issue_wqe+0x357/0x440 [lpfc] lpfc_nvmet_xmt_fcp_abort+0x36b/0x5c0 [lpfc] nvmet_fc_abort_op+0x30/0x50 [nvmet_fc] nvmet_fc_do_work_on_cpu+0xd9/0x130 [nvmet_fc] process_one_work+0x14e/0x410 worker_thread+0x116/0x490 kthread+0xc7/0xe0 ret_from_fork+0x3f/0x70 Crash is due to an uninitialized iocbq->vport pointer. Explicitly set the iocbq->vport field to phba->pport in lpfc_nvmet_sol_fcp_issue_abort as it does all abort iocbq initialization in the routine. Using phba->pport is ok because target does not support NPIV instances. Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com> Signed-off-by: James Smart <james.smart@broadcom.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

scsi: lpfc: Fix crash in lpfc_sli_ringtxcmpl_put when nvmet gets an abort request.
When running nvme detach-ns /dev/nvme0n1 -n 1 command, the nvmet lpfc driver crashes with this stack dump: kernel BUG at /root/NVME/lpfc_8.4/lpfc_sli.c:1393! invalid opcode: 0000 [#1] SMP Workqueue: nvmet-fc-cpu0 nvmet_fc_do_work_on_cpu [nvmet_fc] lpfc_sli4_issue_wqe+0x357/0x440 [lpfc] lpfc_nvmet_xmt_fcp_abort+0x36b/0x5c0 [lpfc] nvmet_fc_abort_op+0x30/0x50 [nvmet_fc] nvmet_fc_do_work_on_cpu+0xd9/0x130 [nvmet_fc] process_one_work+0x14e/0x410 worker_thread+0x116/0x490 kthread+0xc7/0xe0 ret_from_fork+0x3f/0x70 Crash is due to an uninitialized iocbq->vport pointer. Explicitly set the iocbq->vport field to phba->pport in lpfc_nvmet_sol_fcp_issue_abort as it does all abort iocbq initialization in the routine. Using phba->pport is ok because target does not support NPIV instances. Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com> Signed-off-by: James Smart <james.smart@broadcom.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
4550f9c7 · James Smart · Martin K. Petersen · 11e644e2 · 4550f9c7
Commit 4550f9c7 authored Jun 15, 2017 by James Smart Committed by Martin K. Petersen Jun 19, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

drivers/scsi/lpfc/lpfc_nvmet.c drivers/scsi/lpfc/lpfc_nvmet.c +1 -0

No files found.
--- a/drivers/scsi/lpfc/lpfc_nvmet.c
+++ b/drivers/scsi/lpfc/lpfc_nvmet.c
@@ -2523,6 +2523,7 @@ lpfc_nvmet_sol_fcp_issue_abort(struct lpfc_hba *phba,
 	abts_wqeq->iocb_cmpl = 0;
 	abts_wqeq->iocb_flag |= LPFC_IO_NVME;
 	abts_wqeq->context2 = ctxp;
+	abts_wqeq->vport = phba->pport;
 	rc = lpfc_sli4_issue_wqe(phba, LPFC_FCP_RING, abts_wqeq);
 	spin_unlock_irqrestore(&phba->hbalock, flags);
 	if (rc == WQE_SUCCESS) {