From: James Smart Date: Thu, 31 Mar 2016 21:12:29 +0000 (-0700) Subject: lpfc: Fix crash when unregistering default rpi. X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=a6517db9006eb618dfde54f4bf6a9a8bc21e16e7;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git lpfc: Fix crash when unregistering default rpi. The default rpi completion handler does back to back puts to force the removal of the ndlp. This ends up calling lpfc_unreg_rpi after the reference count is at 0. Fix: Check the reference count of the ndlp before getting the ref to make sure we are not getting a reference on a removed object. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen --- diff --git a/drivers/scsi/lpfc/lpfc_hbadisc.c b/drivers/scsi/lpfc/lpfc_hbadisc.c index 25b5dcd1a5c8..b3bf230f714a 100644 --- a/drivers/scsi/lpfc/lpfc_hbadisc.c +++ b/drivers/scsi/lpfc/lpfc_hbadisc.c @@ -4545,7 +4545,8 @@ lpfc_unreg_rpi(struct lpfc_vport *vport, struct lpfc_nodelist *ndlp) (!(vport->load_flag & FC_UNLOADING)) && (bf_get(lpfc_sli_intf_if_type, &phba->sli4_hba.sli_intf) == - LPFC_SLI_INTF_IF_TYPE_2)) { + LPFC_SLI_INTF_IF_TYPE_2) && + (atomic_read(&ndlp->kref.refcount) > 0)) { mbox->context1 = lpfc_nlp_get(ndlp); mbox->mbox_cmpl = lpfc_sli4_unreg_rpi_cmpl_clr;