projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5d339d1)
scsi: libfc: safeguard against invalid exchange index
authorHannes Reinecke <hare@suse.de>
Thu, 13 Oct 2016 13:10:49 +0000 (15:10 +0200)
committerMartin K. Petersen <martin.petersen@oracle.com>
Tue, 8 Nov 2016 22:29:52 +0000 (17:29 -0500)
The cached exchange index might be invalid, in which case
we should drop down to allocate a new one.
And we should not try to access an invalid exchange when
responding to a BA_ABTS.

Signed-off-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
drivers/scsi/libfc/fc_exch.c patch | blob | blame | history

diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c
index 99cc5a9419975944a3270a937f4f59393ecb65af..7b47ab1389ca0d451b12f5c49d05be1c1a0dfc22 100644 (file)
--- a/drivers/scsi/libfc/fc_exch.c
+++ b/drivers/scsi/libfc/fc_exch.c
@@ -827,14 +827,18 @@ static struct fc_exch *fc_exch_em_alloc(struct fc_lport *lport,
 
        /* peek cache of free slot */
        if (pool->left != FC_XID_UNKNOWN) {
-               index = pool->left;
-               pool->left = FC_XID_UNKNOWN;
-               goto hit;
+               if (!WARN_ON(fc_exch_ptr_get(pool, pool->left))) {
+                       index = pool->left;
+                       pool->left = FC_XID_UNKNOWN;
+                       goto hit;
+               }
        }
        if (pool->right != FC_XID_UNKNOWN) {
-               index = pool->right;
-               pool->right = FC_XID_UNKNOWN;
-               goto hit;
+               if (!WARN_ON(fc_exch_ptr_get(pool, pool->right))) {
+                       index = pool->right;
+                       pool->right = FC_XID_UNKNOWN;
+                       goto hit;
+               }
        }
 
        index = pool->next_index;
@@ -1782,7 +1786,10 @@ static void fc_exch_recv_bls(struct fc_exch_mgr *mp, struct fc_frame *fp)
                                fc_frame_free(fp);
                        break;
                case FC_RCTL_BA_ABTS:
-                       fc_exch_recv_abts(ep, fp);
+                       if (ep)
+                               fc_exch_recv_abts(ep, fp);
+                       else
+                               fc_frame_free(fp);
                        break;
                default:                        /* ignore junk */
                        fc_frame_free(fp);