scsi: lpfc: Fix NULL pointer dereference during PCI error recovery

Recent commit on patchset "lpfc updates for 11.2.0.14" fixed an issue
about dereferencing a NULL pointer on port reset. The specific commit,
named "lpfc: Fix system crash when port is reset.", is missing a check
against NULL pointer on lpfc_els_flush_cmd() though.

Since we destroy the queues on adapter resets, like in PCI error
recovery path, we need the validation present on this patch in order to
avoid a NULL pointer dereference when trying to flush commands of ELS
wq, after it has been destroyed (which would lead to a kernel oops).

Tested-by: Raphael Silva <raphasil@linux.vnet.ibm.com>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
Acked-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c
index 1d36f82fa369ce4fff0b3483474477a993f93b59..8e532b39ae93af5c35a1199084f606b627e37ff0 100644 (file)
--- a/drivers/scsi/lpfc/lpfc_els.c
+++ b/drivers/scsi/lpfc/lpfc_els.c
@@ -7451,6 +7451,13 @@ lpfc_els_flush_cmd(struct lpfc_vport *vport)
         */
        spin_lock_irq(&phba->hbalock);
        pring = lpfc_phba_elsring(phba);
+
+       /* Bail out if we've no ELS wq, like in PCI error recovery case. */
+       if (unlikely(!pring)) {
+               spin_unlock_irq(&phba->hbalock);
+               return;
+       }
+
        if (phba->sli_rev == LPFC_SLI_REV4)
                spin_lock(&pring->ring_lock);