scsi: lpfc: Fix crash in lpfc_nvme_fcp_io_submit during LIP

The driver is seeing a NULL pointer in lpfc_nvme_fcp_io_submit.  This
was ultimately due to a transport AER being sent on a terminated
controller, thus some of the values were not set. In case we're in a
system without a corrected transport and in case a race condition occurs
where we enter the routine as the teardown is happening in a separate
thread, validate the parameters before starting the io.

Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/scsi/lpfc/lpfc_nvme.c b/drivers/scsi/lpfc/lpfc_nvme.c
index 078e9ef4d0bfabae64bd77a45f90a6ef88ae2fe4..68bf9defbc929c3540d325d11247d56ced94abf4 100644 (file)
--- a/drivers/scsi/lpfc/lpfc_nvme.c
+++ b/drivers/scsi/lpfc/lpfc_nvme.c
@@ -1235,6 +1235,16 @@ lpfc_nvme_fcp_io_submit(struct nvme_fc_local_port *pnvme_lport,
        vport = lport->vport;
        phba = vport->phba;
 
+       /* Validate pointers. */
+       if (!pnvme_lport || !pnvme_rport || !freqpriv) {
+               lpfc_printf_vlog(vport, KERN_INFO, LOG_NVME_IOERR | LOG_NODE,
+                                "6117 No Send:IO submit ptrs NULL, lport %p, "
+                                "rport %p fcreq_priv %p\n",
+                                pnvme_lport, pnvme_rport, freqpriv);
+               ret = -ENODEV;
+               goto out_fail;
+       }
+
 #ifdef CONFIG_SCSI_LPFC_DEBUG_FS
        if (phba->ktime_on)
                start = ktime_get_ns();