sieni
/
linux
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

scsi: mpi3mr: Add NULL checks when resetting request and reply queues 

The driver encountered a crash during resource cleanup when the reply and
request queues were NULL due to freed memory.  This issue occurred when the
creation of reply or request queues failed, and the driver freed the memory
first, but attempted to mem set the content of the freed memory, leading to
a system crash.

Add NULL pointer checks for reply and request queues before accessing the
reply/request memory during cleanup

Signed-off-by: Ranjan Kumar <ranjan.kumar@broadcom.com>
Link: https://patch.msgid.link/20260212070026.30263-1-ranjan.kumar@broadcom.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This commit is contained in:
Ranjan Kumar 2026-02-12 12:30:26 +05:30 committed by Martin K. Petersen
parent 5b31376005
commit fa96392ebe
1 changed files with 18 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
drivers/scsi/mpi3mr/mpi3mr_fw.c
View File

@ -4806,21 +4806,25 @@ void mpi3mr_memset_buffers(struct mpi3mr_ioc *mrioc)
}
for (i = 0; i < mrioc->num_queues; i++) {
mrioc->op_reply_qinfo[i].qid = 0;
mrioc->op_reply_qinfo[i].ci = 0;
mrioc->op_reply_qinfo[i].num_replies = 0;
mrioc->op_reply_qinfo[i].ephase = 0;
atomic_set(&mrioc->op_reply_qinfo[i].pend_ios, 0);
atomic_set(&mrioc->op_reply_qinfo[i].in_use, 0);
mpi3mr_memset_op_reply_q_buffers(mrioc, i);
if (mrioc->op_reply_qinfo) {
mrioc->op_reply_qinfo[i].qid = 0;
mrioc->op_reply_qinfo[i].ci = 0;
mrioc->op_reply_qinfo[i].num_replies = 0;
mrioc->op_reply_qinfo[i].ephase = 0;
atomic_set(&mrioc->op_reply_qinfo[i].pend_ios, 0);
atomic_set(&mrioc->op_reply_qinfo[i].in_use, 0);
mpi3mr_memset_op_reply_q_buffers(mrioc, i);
}
mrioc->req_qinfo[i].ci = 0;
mrioc->req_qinfo[i].pi = 0;
mrioc->req_qinfo[i].num_requests = 0;
mrioc->req_qinfo[i].qid = 0;
mrioc->req_qinfo[i].reply_qid = 0;
spin_lock_init(&mrioc->req_qinfo[i].q_lock);
mpi3mr_memset_op_req_q_buffers(mrioc, i);
if (mrioc->req_qinfo) {
mrioc->req_qinfo[i].ci = 0;
mrioc->req_qinfo[i].pi = 0;
mrioc->req_qinfo[i].num_requests = 0;
mrioc->req_qinfo[i].qid = 0;
mrioc->req_qinfo[i].reply_qid = 0;
spin_lock_init(&mrioc->req_qinfo[i].q_lock);
mpi3mr_memset_op_req_q_buffers(mrioc, i);
}
}
atomic_set(&mrioc->pend_large_data_sz, 0);