qla2xxx: setup data needed in ISR before setting up the ISR

qla2xxx first calls request_irq() and then does the setup of the queue
entry data needed in the interrupt handlers in when using MSI-X. This
could lead to a NULL pointer dereference when an IRQ fires between the
request_irq() call and the assignment of the qentry data structure to
the rsp->msix field. A possible case for such a race would be in the
kdump case when the HBA's IRQs are still enabled but the driver is
undergoing a new initialisation and thus is not aware of already
activated IRQs in the HBA.

Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c
index a92a62dea7934429e48c252f77405a8dd70b6400..ea8641b47c86b8df3f216932f40af2404781d920 100644 (file)
--- a/drivers/scsi/qla2xxx/qla_isr.c
+++ b/drivers/scsi/qla2xxx/qla_isr.c
@@ -3086,6 +3086,8 @@ qla24xx_enable_msix(struct qla_hw_data *ha, struct rsp_que *rsp)
        /* Enable MSI-X vectors for the base queue */
        for (i = 0; i < 2; i++) {
                qentry = &ha->msix_entries[i];
+               qentry->rsp = rsp;
+               rsp->msix = qentry;
                if (IS_P3P_TYPE(ha))
                        ret = request_irq(qentry->vector,
                                qla82xx_msix_entries[i].handler,
@@ -3097,8 +3099,6 @@ qla24xx_enable_msix(struct qla_hw_data *ha, struct rsp_que *rsp)
                if (ret)
                        goto msix_register_fail;
                qentry->have_irq = 1;
-               qentry->rsp = rsp;
-               rsp->msix = qentry;
 
                /* Register for CPU affinity notification. */
                irq_set_affinity_notifier(qentry->vector, &qentry->irq_notify);
@@ -3119,12 +3119,12 @@ qla24xx_enable_msix(struct qla_hw_data *ha, struct rsp_que *rsp)
         */
        if (QLA_TGT_MODE_ENABLED() && IS_ATIO_MSIX_CAPABLE(ha)) {
                qentry = &ha->msix_entries[ATIO_VECTOR];
+               qentry->rsp = rsp;
+               rsp->msix = qentry;
                ret = request_irq(qentry->vector,
                        qla83xx_msix_entries[ATIO_VECTOR].handler,
                        0, qla83xx_msix_entries[ATIO_VECTOR].name, rsp);
                qentry->have_irq = 1;
-               qentry->rsp = rsp;
-               rsp->msix = qentry;
        }
 
 msix_register_fail: