scsi: lpfc: Fix GPF on scsi command completion

Faults are seen with RIP of lpfc_scsi_cmd_iocb_cmpl().  The failure is when
lpfc_update_status is being called as part of the completion.  After
debugging, it was seen the issue was the shost pointer that the driver
derived from the scsi cmd.  The crash showed the cmd->device pointer being
bogus, which is likely as the scsi devices were offlined prior. The bogus
device pointer caused subsequent pointers derived from the location,
specifically the vport, to be bogus.

Fix by adjusting the calling sequence to pass in the vport rather than
having to derive it from the cmd structure.

Link: https://lore.kernel.org/r/20190922035906.10977-9-jsmart2021@gmail.com
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c
index fe10976..c2773c0 100644 (file)
--- a/drivers/scsi/lpfc/lpfc_scsi.c
+++ b/drivers/scsi/lpfc/lpfc_scsi.c
@@ -134,21 +134,21 @@ lpfc_sli4_set_rsp_sgl_last(struct lpfc_hba *phba,
 
 /**
  * lpfc_update_stats - Update statistical data for the command completion
- * @phba: Pointer to HBA object.
+ * @vport: The virtual port on which this call is executing.
  * @lpfc_cmd: lpfc scsi command object pointer.
  *
  * This function is called when there is a command completion and this
  * function updates the statistical data for the command completion.
  **/
 static void
-lpfc_update_stats(struct lpfc_hba *phba, struct lpfc_io_buf *lpfc_cmd)
+lpfc_update_stats(struct lpfc_vport *vport, struct lpfc_io_buf *lpfc_cmd)
 {
+       struct lpfc_hba *phba = vport->phba;
        struct lpfc_rport_data *rdata;
        struct lpfc_nodelist *pnode;
        struct scsi_cmnd *cmd = lpfc_cmd->pCmd;
        unsigned long flags;
-       struct Scsi_Host  *shost = cmd->device->host;
-       struct lpfc_vport *vport = (struct lpfc_vport *) shost->hostdata;
+       struct Scsi_Host *shost = lpfc_shost_from_vport(vport);
        unsigned long latency;
        int i;
 
@@ -4004,7 +4004,7 @@ lpfc_scsi_cmd_iocb_cmpl(struct lpfc_hba *phba, struct lpfc_iocbq *pIocbIn,
                                 scsi_get_resid(cmd));
        }
 
-       lpfc_update_stats(phba, lpfc_cmd);
+       lpfc_update_stats(vport, lpfc_cmd);
        if (vport->cfg_max_scsicmpl_time &&
           time_after(jiffies, lpfc_cmd->start_time +
                msecs_to_jiffies(vport->cfg_max_scsicmpl_time))) {