[SCSI] lpfc driver 8.0.30 : fix get_stats panic
Fix panic in lpfc_get_stats()
Symptoms: Panic on sysfs stats access
Cause: In lpfc_get_stats() we are writing to memory that we do not
own.
Fix: Fix our stats structure allocation. Embed phba->link_stats in
struct lpfc_hba and stop treating it like rogue structure.
Note: Embedding midlayer/transport structure in our structure caused
need for more files to include midlayer/transport headers.
Signed-off-by: James Smart <James.Smart@emulex.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h
index 3bb82aa..adb9567 100644
--- a/drivers/scsi/lpfc/lpfc.h
+++ b/drivers/scsi/lpfc/lpfc.h
@@ -342,9 +342,6 @@
#define VPD_MASK 0xf /* mask for any vpd data */
struct timer_list els_tmofunc;
-
- void *link_stats;
-
/*
* stat counters
*/
@@ -370,6 +367,8 @@
struct list_head freebufList;
struct list_head ctrspbuflist;
struct list_head rnidrspbuflist;
+
+ struct fc_host_statistics link_stats;
};
diff --git a/drivers/scsi/lpfc/lpfc_attr.c b/drivers/scsi/lpfc/lpfc_attr.c
index 3cea928..f37b764 100644
--- a/drivers/scsi/lpfc/lpfc_attr.c
+++ b/drivers/scsi/lpfc/lpfc_attr.c
@@ -988,8 +988,7 @@
{
struct lpfc_hba *phba = (struct lpfc_hba *)shost->hostdata[0];
struct lpfc_sli *psli = &phba->sli;
- struct fc_host_statistics *hs =
- (struct fc_host_statistics *)phba->link_stats;
+ struct fc_host_statistics *hs = &phba->link_stats;
LPFC_MBOXQ_t *pmboxq;
MAILBOX_t *pmb;
int rc=0;
@@ -1020,6 +1019,8 @@
return NULL;
}
+ memset(hs, 0, sizeof (struct fc_host_statistics));
+
hs->tx_frames = pmb->un.varRdStatus.xmitFrameCnt;
hs->tx_words = (pmb->un.varRdStatus.xmitByteCnt * 256);
hs->rx_frames = pmb->un.varRdStatus.rcvFrameCnt;
diff --git a/drivers/scsi/lpfc/lpfc_ct.c b/drivers/scsi/lpfc/lpfc_ct.c
index 78adee4..b3880ec 100644
--- a/drivers/scsi/lpfc/lpfc_ct.c
+++ b/drivers/scsi/lpfc/lpfc_ct.c
@@ -29,6 +29,7 @@
#include <scsi/scsi_device.h>
#include <scsi/scsi_host.h>
+#include <scsi/scsi_transport_fc.h>
#include "lpfc_hw.h"
#include "lpfc_sli.h"
diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
index 34d416d..1b6d1dc 100644
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
@@ -1339,14 +1339,12 @@
if (pci_request_regions(pdev, LPFC_DRIVER_NAME))
goto out_disable_device;
- host = scsi_host_alloc(&lpfc_template,
- sizeof (struct lpfc_hba) + sizeof (unsigned long));
+ host = scsi_host_alloc(&lpfc_template, sizeof (struct lpfc_hba));
if (!host)
goto out_release_regions;
phba = (struct lpfc_hba*)host->hostdata;
memset(phba, 0, sizeof (struct lpfc_hba));
- phba->link_stats = (void *)&phba[1];
phba->host = host;
phba->fc_flag |= FC_LOADING;
diff --git a/drivers/scsi/lpfc/lpfc_mbox.c b/drivers/scsi/lpfc/lpfc_mbox.c
index c27cf94..afcd54d 100644
--- a/drivers/scsi/lpfc/lpfc_mbox.c
+++ b/drivers/scsi/lpfc/lpfc_mbox.c
@@ -23,6 +23,9 @@
#include <linux/pci.h>
#include <linux/interrupt.h>
+#include <scsi/scsi_device.h>
+#include <scsi/scsi_transport_fc.h>
+
#include "lpfc_hw.h"
#include "lpfc_sli.h"
#include "lpfc_disc.h"
diff --git a/drivers/scsi/lpfc/lpfc_mem.c b/drivers/scsi/lpfc/lpfc_mem.c
index a5cfb64..034a8bf 100644
--- a/drivers/scsi/lpfc/lpfc_mem.c
+++ b/drivers/scsi/lpfc/lpfc_mem.c
@@ -23,6 +23,9 @@
#include <linux/pci.h>
#include <linux/interrupt.h>
+#include <scsi/scsi_device.h>
+#include <scsi/scsi_transport_fc.h>
+
#include "lpfc_hw.h"
#include "lpfc_sli.h"
#include "lpfc_disc.h"
diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
index 1775508..e027f47 100644
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -27,6 +27,7 @@
#include <scsi/scsi_cmnd.h>
#include <scsi/scsi_device.h>
#include <scsi/scsi_host.h>
+#include <scsi/scsi_transport_fc.h>
#include "lpfc_hw.h"
#include "lpfc_sli.h"