!13887 CVE-2024-49891 (7a23fb4d) · Commits · EulixOS / Software / Kernel

drivers/scsi/lpfc/lpfc.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -772,6 +772,7 @@ struct lpfc_hba {
		*/
		#define HBA_FLOGI_ISSUED 0x100000 /* FLOGI was issued */
		#define HBA_DEFER_FLOGI 0x800000 /* Defer FLOGI till read_sparm cmpl */
		#define HBA_SETUP 0x1000000 /* Signifies HBA setup is completed */

		struct completion fw_dump_cmpl; / cmpl event tracker for fw_dump */
		uint32_t fcp_ring_in_use; /* When polling test if intr-hndlr active*/

+2 −1

Original line number	Diff line number	Diff line
		@@ -140,7 +140,8 @@ lpfc_dev_loss_tmo_callbk(struct fc_rport *rport)
		* or unloading the driver. The unload will cleanup the node
		* appropriately we just need to cleanup the ndlp rport info here.
		*/
		if (vport->load_flag & FC_UNLOADING) {
		if (vport->load_flag & FC_UNLOADING \|\|
		!(phba->hba_flag & HBA_SETUP)) {
		put_node = rdata->pnode != NULL;
		put_rport = ndlp->rport != NULL;
		rdata->pnode = NULL;

+11 −2

Original line number	Diff line number	Diff line
		@@ -4764,11 +4764,20 @@ lpfc_abort_handler(struct scsi_cmnd *cmnd)

		iocb = &lpfc_cmd->cur_iocbq;
		if (phba->sli_rev == LPFC_SLI_REV4) {
		pring_s4 = phba->sli4_hba.hdwq[iocb->hba_wqidx].io_wq->pring;
		if (!pring_s4) {
		/* if the io_wq & pring are gone, the port was reset. */
		if (!phba->sli4_hba.hdwq[iocb->hba_wqidx].io_wq \|\|
		!phba->sli4_hba.hdwq[iocb->hba_wqidx].io_wq->pring) {
		lpfc_printf_vlog(vport, KERN_WARNING, LOG_FCP,
		"2877 SCSI Layer I/O Abort Request "
		"IO CMPL Status x%x ID %d LUN %llu "
		"HBA_SETUP %d\n", FAILED,
		cmnd->device->id,
		(u64)cmnd->device->lun,
		phba->hba_flag & HBA_SETUP);
		ret = FAILED;
		goto out_unlock_buf;
		}
		pring_s4 = phba->sli4_hba.hdwq[iocb->hba_wqidx].io_wq->pring;
		spin_lock(&pring_s4->ring_lock);
		}
		/* the command is in process of being cancelled */

+15 −0

Original line number	Diff line number	Diff line
		@@ -4156,6 +4156,17 @@ lpfc_sli_flush_io_rings(struct lpfc_hba *phba)
		/* Look on all the FCP Rings for the iotag */
		if (phba->sli_rev >= LPFC_SLI_REV4) {
		for (i = 0; i < phba->cfg_hdw_queue; i++) {
		if (!phba->sli4_hba.hdwq \|\|
		!phba->sli4_hba.hdwq[i].io_wq) {
		lpfc_printf_log(phba, KERN_ERR, LOG_SLI,
		"7777 hdwq's deleted %x "
		"%x %x %x\n",
		phba->pport->load_flag,
		phba->hba_flag,
		phba->link_state,
		phba->sli.sli_flag);
		return;
		}
		pring = phba->sli4_hba.hdwq[i].io_wq->pring;

		spin_lock_irq(&pring->ring_lock);
		@@ -4304,6 +4315,7 @@ lpfc_sli_brdready_s4(struct lpfc_hba *phba, uint32_t mask)
		} else
		phba->sli4_hba.intr_enable = 0;

		phba->hba_flag &= ~HBA_SETUP;
		return retval;
		}

		@@ -4623,6 +4635,7 @@ lpfc_sli4_brdreset(struct lpfc_hba *phba)
		phba->link_events = 0;
		phba->pport->fc_myDID = 0;
		phba->pport->fc_prevDID = 0;
		phba->hba_flag &= ~HBA_SETUP;

		spin_lock_irq(&phba->hbalock);
		psli->sli_flag &= ~(LPFC_PROCESS_LA);
		@@ -7989,6 +8002,8 @@ lpfc_sli4_hba_setup(struct lpfc_hba *phba)
		}
		}
		mempool_free(mboxq, phba->mbox_mem_pool);

		phba->hba_flag \|= HBA_SETUP;
		return rc;
		out_io_buff_free:
		/* Free allocated IO Buffers */