[SCSI] lpfc 8.3.0 : Fix system crash due to uninitialized node access

[safe/jmp/linux-2.6] / drivers / scsi / lpfc / lpfc_scsi.c

diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c
index 6293b6f..cf6b2d4 100644 (file)
--- a/drivers/scsi/lpfc/lpfc_scsi.c
+++ b/drivers/scsi/lpfc/lpfc_scsi.c
@@ -945,7 +945,8 @@ lpfc_scsi_cmd_iocb_cmpl(struct lpfc_hba *phba, struct lpfc_iocbq *pIocbIn,
 
        lpfc_cmd->result = pIocbOut->iocb.un.ulpWord[4];
        lpfc_cmd->status = pIocbOut->iocb.ulpStatus;
-       atomic_dec(&pnode->cmd_pending);
+       if (pnode && NLP_CHK_NODE_ACT(pnode))
+               atomic_dec(&pnode->cmd_pending);
 
        if (lpfc_cmd->status) {
                if (lpfc_cmd->status == IOSTAT_LOCAL_REJECT &&
@@ -1035,23 +1036,31 @@ lpfc_scsi_cmd_iocb_cmpl(struct lpfc_hba *phba, struct lpfc_iocbq *pIocbIn,
           time_after(jiffies, lpfc_cmd->start_time +
                msecs_to_jiffies(vport->cfg_max_scsicmpl_time))) {
                spin_lock_irqsave(sdev->host->host_lock, flags);
-               if ((pnode->cmd_qdepth > atomic_read(&pnode->cmd_pending) &&
-                   (atomic_read(&pnode->cmd_pending) > LPFC_MIN_TGT_QDEPTH) &&
-                   ((cmd->cmnd[0] == READ_10) || (cmd->cmnd[0] == WRITE_10))))
-                       pnode->cmd_qdepth = atomic_read(&pnode->cmd_pending);
-
-               pnode->last_change_time = jiffies;
+               if (pnode && NLP_CHK_NODE_ACT(pnode)) {
+                       if (pnode->cmd_qdepth >
+                               atomic_read(&pnode->cmd_pending) &&
+                               (atomic_read(&pnode->cmd_pending) >
+                               LPFC_MIN_TGT_QDEPTH) &&
+                               ((cmd->cmnd[0] == READ_10) ||
+                               (cmd->cmnd[0] == WRITE_10)))
+                               pnode->cmd_qdepth =
+                                       atomic_read(&pnode->cmd_pending);
+
+                       pnode->last_change_time = jiffies;
+               }
                spin_unlock_irqrestore(sdev->host->host_lock, flags);
-       } else if ((pnode->cmd_qdepth < LPFC_MAX_TGT_QDEPTH) &&
+       } else if (pnode && NLP_CHK_NODE_ACT(pnode)) {
+               if ((pnode->cmd_qdepth < LPFC_MAX_TGT_QDEPTH) &&
                   time_after(jiffies, pnode->last_change_time +
-                       msecs_to_jiffies(LPFC_TGTQ_INTERVAL))) {
-               spin_lock_irqsave(sdev->host->host_lock, flags);
-               pnode->cmd_qdepth += pnode->cmd_qdepth *
-                       LPFC_TGTQ_RAMPUP_PCENT / 100;
-               if (pnode->cmd_qdepth > LPFC_MAX_TGT_QDEPTH)
-                       pnode->cmd_qdepth = LPFC_MAX_TGT_QDEPTH;
-               pnode->last_change_time = jiffies;
-               spin_unlock_irqrestore(sdev->host->host_lock, flags);
+                             msecs_to_jiffies(LPFC_TGTQ_INTERVAL))) {
+                       spin_lock_irqsave(sdev->host->host_lock, flags);
+                       pnode->cmd_qdepth += pnode->cmd_qdepth *
+                               LPFC_TGTQ_RAMPUP_PCENT / 100;
+                       if (pnode->cmd_qdepth > LPFC_MAX_TGT_QDEPTH)
+                               pnode->cmd_qdepth = LPFC_MAX_TGT_QDEPTH;
+                       pnode->last_change_time = jiffies;
+                       spin_unlock_irqrestore(sdev->host->host_lock, flags);
+               }
        }
 
        lpfc_scsi_unprep_dma_buf(phba, lpfc_cmd);
@@ -1536,7 +1545,8 @@ lpfc_queuecommand(struct scsi_cmnd *cmnd, void (*done) (struct scsi_cmnd *))
                cmnd->result = ScsiResult(DID_TRANSPORT_DISRUPTED, 0);
                goto out_fail_command;
        }
-       if (atomic_read(&ndlp->cmd_pending) >= ndlp->cmd_qdepth)
+       if (vport->cfg_max_scsicmpl_time &&
+               (atomic_read(&ndlp->cmd_pending) >= ndlp->cmd_qdepth))
                goto out_host_busy;
 
        lpfc_cmd = lpfc_get_scsi_buf(phba);