diff options
author | Johannes Thumshirn <jthumshirn@suse.de> | 2016-07-06 09:51:50 +0200 |
---|---|---|
committer | Martin K. Petersen <martin.petersen@oracle.com> | 2016-07-15 14:59:03 -0400 |
commit | ef8d1d51aa5ebe4b17b5e837d520df1e398b7adb (patch) | |
tree | 31c8f5f18803e25b7098a6b1cf895204d5bce344 | |
parent | cb05cbb389cd162db2d79e82ffaacc2451296ec2 (diff) |
qla2xxx: setup data needed in ISR before setting up the ISR
qla2xxx first calls request_irq() and then does the setup of the queue
entry data needed in the interrupt handlers in when using MSI-X. This
could lead to a NULL pointer dereference when an IRQ fires between the
request_irq() call and the assignment of the qentry data structure to
the rsp->msix field. A possible case for such a race would be in the
kdump case when the HBA's IRQs are still enabled but the driver is
undergoing a new initialisation and thus is not aware of already
activated IRQs in the HBA.
Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
-rw-r--r-- | drivers/scsi/qla2xxx/qla_isr.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c index a92a62dea793..ea8641b47c86 100644 --- a/drivers/scsi/qla2xxx/qla_isr.c +++ b/drivers/scsi/qla2xxx/qla_isr.c @@ -3086,6 +3086,8 @@ qla24xx_enable_msix(struct qla_hw_data *ha, struct rsp_que *rsp) /* Enable MSI-X vectors for the base queue */ for (i = 0; i < 2; i++) { qentry = &ha->msix_entries[i]; + qentry->rsp = rsp; + rsp->msix = qentry; if (IS_P3P_TYPE(ha)) ret = request_irq(qentry->vector, qla82xx_msix_entries[i].handler, @@ -3097,8 +3099,6 @@ qla24xx_enable_msix(struct qla_hw_data *ha, struct rsp_que *rsp) if (ret) goto msix_register_fail; qentry->have_irq = 1; - qentry->rsp = rsp; - rsp->msix = qentry; /* Register for CPU affinity notification. */ irq_set_affinity_notifier(qentry->vector, &qentry->irq_notify); @@ -3119,12 +3119,12 @@ qla24xx_enable_msix(struct qla_hw_data *ha, struct rsp_que *rsp) */ if (QLA_TGT_MODE_ENABLED() && IS_ATIO_MSIX_CAPABLE(ha)) { qentry = &ha->msix_entries[ATIO_VECTOR]; + qentry->rsp = rsp; + rsp->msix = qentry; ret = request_irq(qentry->vector, qla83xx_msix_entries[ATIO_VECTOR].handler, 0, qla83xx_msix_entries[ATIO_VECTOR].name, rsp); qentry->have_irq = 1; - qentry->rsp = rsp; - rsp->msix = qentry; } msix_register_fail: |