bfa: Fix for crash when bfa_itnim is NULL

Orabug: 23950878

Fix a very corner case when the port gets disconnected and the BFA and
FCS layers clean up references to the IT nexus.  During this window if a
task management command is issued by the SCSI-ML and ends up referencing
a NULL itnim, it could lead to a crash.

Signed-off-by: Anil Gurumurthy <anil.gurumurthy@qlogic.com>
Tested-by: Sudarasana Kalluru <sudarsana.kalluru@qlogic.com>
Signed-off-by: Ethan Zhao <ethan.zhao@oracle.com>

diff --git a/drivers/scsi/bfa/bfad_im.c b/drivers/scsi/bfa/bfad_im.c
index f66ba723a95e741adb10912dde64f20592d540ce..7db15423ee0eaa20fbb03ad663390c076e607d0e 100644 (file)
--- a/drivers/scsi/bfa/bfad_im.c
+++ b/drivers/scsi/bfa/bfad_im.c
@@ -272,6 +272,19 @@ bfad_im_target_reset_send(struct bfad_s *bfad, struct scsi_cmnd *cmnd,
        cmnd->host_scribble = NULL;
        cmnd->SCp.Status = 0;
        bfa_itnim = bfa_fcs_itnim_get_halitn(&itnim->fcs_itnim);
+       /*
+        * bfa_itnim can be NULL if the port gets disconnected and the bfa
+        * and fcs layers have cleaned up their nexus with the targets and
+        * the same has not been cleaned up by the shim
+        */
+       if (bfa_itnim == NULL) {
+               bfa_tskim_free(tskim);
+               BFA_LOG(KERN_ERR, bfad, bfa_log_level,
+                       "target reset, bfa_itnim is NULL\n");
+               rc = BFA_STATUS_FAILED;
+               goto out;
+       }
+
        memset(&scsilun, 0, sizeof(scsilun));
        bfa_tskim_start(tskim, bfa_itnim, scsilun,
                            FCP_TM_TARGET_RESET, BFAD_TARGET_RESET_TMO);
@@ -327,6 +340,19 @@ bfad_im_reset_lun_handler(struct scsi_cmnd *cmnd)
        cmnd->SCp.ptr = (char *)&wq;
        cmnd->SCp.Status = 0;
        bfa_itnim = bfa_fcs_itnim_get_halitn(&itnim->fcs_itnim);
+       /*
+        * bfa_itnim can be NULL if the port gets disconnected and the bfa
+        * and fcs layers have cleaned up their nexus with the targets and
+        * the same has not been cleaned up by the shim
+        */
+       if (bfa_itnim == NULL) {
+               bfa_tskim_free(tskim);
+               BFA_LOG(KERN_ERR, bfad, bfa_log_level,
+                       "lun reset, bfa_itnim is NULL\n");
+               spin_unlock_irqrestore(&bfad->bfad_lock, flags);
+               rc = FAILED;
+               goto out;
+       }
        int_to_scsilun(cmnd->device->lun, &scsilun);
        bfa_tskim_start(tskim, bfa_itnim, scsilun,
                            FCP_TM_LUN_RESET, BFAD_LUN_RESET_TMO);