Blob Blame History Raw
From bff74ada05ccf29f8d1a91835accc21385a9ec3a Mon Sep 17 00:00:00 2001
From: Himanshu Madhani <hmadhani@redhat.com>
Date: Thu, 1 Aug 2019 15:54:46 -0400
Subject: [PATCH 026/124] [scsi] scsi: qla2xxx: Fix panic in
 qla_dfs_tgt_counters_show

Message-id: <20190801155618.12650-27-hmadhani@redhat.com>
Patchwork-id: 267803
O-Subject: [RHEL 7.8 e-stor PATCH 026/118] scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show
Bugzilla: 1729270
RH-Acked-by: Jarod Wilson <jarod@redhat.com>
RH-Acked-by: Tony Camuso <tcamuso@redhat.com>

From: Bill Kuzeja <William.Kuzeja@stratus.com>

Bugzilla 1729270

When trying to display tgt_counters in the debugfs, a panic can result.

There is no null check for qpair after it is assigned in the for-loop.
Unless vha->hw->queue_pair_map array is completely filled with entries, the
system will panic dereferencing a null pointer.

Signed-off-by: Bill Kuzeja <william.kuzeja@stratus.com>
Acked-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
(cherry picked from commit db0f166e9a37215b15d5d732c98fa15219adccf0)
Signed-off-by: Himanshu Madhani <hmadhani@redhat.com>
Signed-off-by: Jan Stancek <jstancek@redhat.com>
---
 drivers/scsi/qla2xxx/qla_dfs.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/scsi/qla2xxx/qla_dfs.c b/drivers/scsi/qla2xxx/qla_dfs.c
index 8688372955a0..2903d1e1847d 100644
--- a/drivers/scsi/qla2xxx/qla_dfs.c
+++ b/drivers/scsi/qla2xxx/qla_dfs.c
@@ -193,6 +193,8 @@ qla_dfs_tgt_counters_show(struct seq_file *s, void *unused)
 
 	for (i = 0; i < vha->hw->max_qpairs; i++) {
 		qpair = vha->hw->queue_pair_map[i];
+		if (!qpair)
+			continue;
 		qla_core_sbt_cmd += qpair->tgt_counters.qla_core_sbt_cmd;
 		core_qla_que_buf += qpair->tgt_counters.core_qla_que_buf;
 		qla_core_ret_ctio += qpair->tgt_counters.qla_core_ret_ctio;
-- 
2.13.6