[SCSI] qla2xxx: Fix NULL ptr deref bug in fail path during queue create

[net-next-2.6.git] / drivers / scsi / qla2xxx / qla_mid.c

diff --git a/drivers/scsi/qla2xxx/qla_mid.c b/drivers/scsi/qla2xxx/qla_mid.c
index cd78c501803a733759f768e049860f6acdd68f21..e07b3617f019397188cd24674fdcfabe09e49eb5 100644 (file)
--- a/drivers/scsi/qla2xxx/qla_mid.c
+++ b/drivers/scsi/qla2xxx/qla_mid.c
@@ -42,7 +42,6 @@ qla24xx_allocate_vp_id(scsi_qla_host_t *vha)
 
        set_bit(vp_id, ha->vp_idx_map);
        ha->num_vhosts++;
-       ha->cur_vport_count++;
        vha->vp_idx = vp_id;
        list_add_tail(&vha->list, &ha->vp_list);
        mutex_unlock(&ha->vport_lock);
@@ -58,7 +57,6 @@ qla24xx_deallocate_vp_id(scsi_qla_host_t *vha)
        mutex_lock(&ha->vport_lock);
        vp_id = vha->vp_idx;
        ha->num_vhosts--;
-       ha->cur_vport_count--;
        clear_bit(vp_id, ha->vp_idx_map);
        list_del(&vha->list);
        mutex_unlock(&ha->vport_lock);
@@ -235,7 +233,11 @@ qla2x00_vp_abort_isp(scsi_qla_host_t *vha)
                        atomic_set(&vha->loop_down_timer, LOOP_DOWN_TIME);
        }
 
-       /* To exclusively reset vport, we need to log it out first.*/
+       /*
+        * To exclusively reset vport, we need to log it out first.  Note: this
+        * control_vp can fail if ISP reset is already issued, this is
+        * expected, as the vp would be already logged out due to ISP reset.
+        */
        if (!test_bit(ABORT_ISP_ACTIVE, &vha->dpc_flags))
                qla24xx_control_vp(vha, VCE_COMMAND_DISABLE_VPS_LOGO_ALL);
 
@@ -247,18 +249,11 @@ qla2x00_vp_abort_isp(scsi_qla_host_t *vha)
 static int
 qla2x00_do_dpc_vp(scsi_qla_host_t *vha)
 {
-       struct qla_hw_data *ha = vha->hw;
-       scsi_qla_host_t *base_vha = pci_get_drvdata(ha->pdev);
+       qla2x00_do_work(vha);
 
        if (test_and_clear_bit(VP_IDX_ACQUIRED, &vha->vp_flags)) {
                /* VP acquired. complete port configuration */
-               if (atomic_read(&base_vha->loop_state) == LOOP_READY) {
-                       qla24xx_configure_vp(vha);
-               } else {
-                       set_bit(VP_IDX_ACQUIRED, &vha->vp_flags);
-                       set_bit(VP_DPC_NEEDED, &base_vha->dpc_flags);
-               }
-
+               qla24xx_configure_vp(vha);
                return 0;
        }
 
@@ -309,6 +304,9 @@ qla2x00_do_dpc_all_vps(scsi_qla_host_t *vha)
 
        clear_bit(VP_DPC_NEEDED, &vha->dpc_flags);
 
+       if (!(ha->current_topology & ISP_CFG_F))
+               return;
+
        list_for_each_entry_safe(vp, tvp, &ha->vp_list, list) {
                if (vp->vp_idx)
                        ret = qla2x00_do_dpc_vp(vp);
@@ -413,6 +411,11 @@ qla24xx_create_vhost(struct fc_vport *fc_vport)
 
        vha->flags.init_done = 1;
 
+       mutex_lock(&ha->vport_lock);
+       set_bit(vha->vp_idx, ha->vp_idx_map);
+       ha->cur_vport_count++;
+       mutex_unlock(&ha->vport_lock);
+
        return vha;
 
 create_vhost_failed:
@@ -565,7 +568,7 @@ qla25xx_create_req_que(struct qla_hw_data *ha, uint16_t options,
        if (req == NULL) {
                qla_printk(KERN_WARNING, ha, "could not allocate memory"
                        "for request que\n");
-               goto que_failed;
+               goto failed;
        }
 
        req->length = REQUEST_ENTRY_CNT_24XX;
@@ -629,6 +632,7 @@ qla25xx_create_req_que(struct qla_hw_data *ha, uint16_t options,
 
 que_failed:
        qla25xx_free_req_que(base_vha, req);
+failed:
        return 0;
 }
 
@@ -656,7 +660,7 @@ qla25xx_create_rsp_que(struct qla_hw_data *ha, uint16_t options,
        if (rsp == NULL) {
                qla_printk(KERN_WARNING, ha, "could not allocate memory for"
                                " response que\n");
-               goto que_failed;
+               goto failed;
        }
 
        rsp->length = RESPONSE_ENTRY_CNT_MQ;
@@ -725,6 +729,7 @@ qla25xx_create_rsp_que(struct qla_hw_data *ha, uint16_t options,
 
 que_failed:
        qla25xx_free_rsp_que(base_vha, rsp);
+failed:
        return 0;
 }