lpfc: Fix crash when unregistering default rpi.

The default rpi completion handler does back to back puts to force the
removal of the ndlp. This ends up calling lpfc_unreg_rpi after the
reference count is at 0.

Fix:  Check the reference count of the ndlp before getting the ref to
make sure we are not getting a reference on a removed object.

Signed-off-by: Dick Kennedy <dick.kennedy@avagotech.com>
Signed-off-by: James Smart <james.smart@avagotech.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/scsi/lpfc/lpfc_hbadisc.c b/drivers/scsi/lpfc/lpfc_hbadisc.c
index 25b5dcd1a5c86736a2fa3b3a8a7d89bdbd2e2b85..b3bf230f714a921c766e94b3d171fd8b58a2c512 100644 (file)
--- a/drivers/scsi/lpfc/lpfc_hbadisc.c
+++ b/drivers/scsi/lpfc/lpfc_hbadisc.c
@@ -4545,7 +4545,8 @@ lpfc_unreg_rpi(struct lpfc_vport *vport, struct lpfc_nodelist *ndlp)
                                    (!(vport->load_flag & FC_UNLOADING)) &&
                                    (bf_get(lpfc_sli_intf_if_type,
                                     &phba->sli4_hba.sli_intf) ==
-                                     LPFC_SLI_INTF_IF_TYPE_2)) {
+                                     LPFC_SLI_INTF_IF_TYPE_2) &&
+                                   (atomic_read(&ndlp->kref.refcount) > 0)) {
                                        mbox->context1 = lpfc_nlp_get(ndlp);
                                        mbox->mbox_cmpl =
                                                lpfc_sli4_unreg_rpi_cmpl_clr;