From bff74ada05ccf29f8d1a91835accc21385a9ec3a Mon Sep 17 00:00:00 2001

From: Himanshu Madhani <hmadhani@redhat.com>

Date: Thu, 1 Aug 2019 15:54:46 -0400

Subject: [PATCH 026/124] [scsi] scsi: qla2xxx: Fix panic in

 qla_dfs_tgt_counters_show

Message-id: <20190801155618.12650-27-hmadhani@redhat.com>

Patchwork-id: 267803

O-Subject: [RHEL 7.8 e-stor PATCH 026/118] scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show

Bugzilla: 1729270

RH-Acked-by: Jarod Wilson <jarod@redhat.com>

RH-Acked-by: Tony Camuso <tcamuso@redhat.com>

From: Bill Kuzeja <William.Kuzeja@stratus.com>

Bugzilla 1729270

When trying to display tgt_counters in the debugfs, a panic can result.

There is no null check for qpair after it is assigned in the for-loop.

Unless vha->hw->queue_pair_map array is completely filled with entries, the

system will panic dereferencing a null pointer.

Signed-off-by: Bill Kuzeja <william.kuzeja@stratus.com>

Acked-by: Himanshu Madhani <hmadhani@marvell.com>

Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

(cherry picked from commit db0f166e9a37215b15d5d732c98fa15219adccf0)

Signed-off-by: Himanshu Madhani <hmadhani@redhat.com>

Signed-off-by: Jan Stancek <jstancek@redhat.com>

---

 drivers/scsi/qla2xxx/qla_dfs.c | 2 ++

 1 file changed, 2 insertions(+)

diff --git a/drivers/scsi/qla2xxx/qla_dfs.c b/drivers/scsi/qla2xxx/qla_dfs.c

index 8688372955a0..2903d1e1847d 100644

--- a/drivers/scsi/qla2xxx/qla_dfs.c

+++ b/drivers/scsi/qla2xxx/qla_dfs.c

@@ -193,6 +193,8 @@ qla_dfs_tgt_counters_show(struct seq_file *s, void *unused)

 	for (i = 0; i < vha->hw->max_qpairs; i++) {

 		qpair = vha->hw->queue_pair_map[i];

+		if (!qpair)

+			continue;

 		qla_core_sbt_cmd += qpair->tgt_counters.qla_core_sbt_cmd;

 		core_qla_que_buf += qpair->tgt_counters.core_qla_que_buf;

 		qla_core_ret_ctio += qpair->tgt_counters.qla_core_ret_ctio;

-- 

2.13.6