scsi: scsi_transport_fc: fix NULL pointer dereference in fc_bsg_job_timeout
author Christoph Hellwig <hch@lst.de>
Thu, 7 Sep 2017 11:54:36 +0000 (13:54 +0200)
committer Martin K. Petersen <martin.petersen@oracle.com>
Fri, 15 Sep 2017 00:40:58 +0000 (20:40 -0400)
bsg-lib now embeds the job structure into the request, and
req->special can't be used anymore.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
drivers/scsi/scsi_transport_fc.c

index 3c6bc0081fcbe34afcfc5c398a5637a2d31ae3ab..ba9d70f8a6a17f9b25008b3f86b03932c9218eb2 100644 (file)
@@ -3571,7 +3571,7 @@ fc_vport_sched_delete(struct work_struct *work)
 static enum blk_eh_timer_return
 fc_bsg_job_timeout(struct request *req)
 {
-       struct bsg_job *job = (void *) req->special;
+       struct bsg_job *job = blk_mq_rq_to_pdu(req);
        struct Scsi_Host *shost = fc_bsg_to_shost(job);
        struct fc_rport *rport = fc_bsg_to_rport(job);
        struct fc_internal *i = to_fc_internal(shost->transportt);
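Review bot: on the changed line `struct bsg_job *job = blk_mq_rq_to_pdu(req);`, the fix is only correct on trees where bsg-lib already embeds the job in the request, but the commit carries Cc: stable with no Fixes: tag or version annotation, so a stable maintainer cannot tell which kernels need it. On a tree where the job is still reached through req->special, this line would not yield the job. Suggest adding a Fixes: tag naming the bsg-lib change that embedded the job structure. Because job is dereferenced straight away by fc_bsg_to_shost(job) and fc_bsg_to_rport(job), it is also worth confirming that no other bsg handler in scsi_transport_fc.c still reads req->special, since this hunk covers only fc_bsg_job_timeout.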