projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 53c51ad)
scsi: qedf: Check that fcport is offloaded before dereferencing pointers in initiate_...
authorChad Dupuis <chad.dupuis@cavium.com>
Wed, 31 May 2017 13:33:52 +0000 (06:33 -0700)
committerMartin K. Petersen <martin.petersen@oracle.com>
Tue, 13 Jun 2017 00:48:06 +0000 (20:48 -0400)
If an fcport is not offloaded then the members of the qedf_rport struct
are undefined which may cause a system crash.

Signed-off-by: Chad Dupuis <chad.dupuis@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
drivers/scsi/qedf/qedf_io.c patch | blob | blame | history

diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index ca9097bb7308f7ac692353552c433e9324c6d7d1..db160046f3e09c35a4585b20fe1fae591a1612cc 100644 (file)
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -1476,8 +1476,8 @@ int qedf_initiate_abts(struct qedf_ioreq *io_req, bool return_scsi_cmd_on_abts)
 {
        struct fc_lport *lport;
        struct qedf_rport *fcport = io_req->fcport;
-       struct fc_rport_priv *rdata = fcport->rdata;
-       struct qedf_ctx *qedf = fcport->qedf;
+       struct fc_rport_priv *rdata;
+       struct qedf_ctx *qedf;
        u16 xid;
        u32 r_a_tov = 0;
        int rc = 0;
@@ -1485,15 +1485,18 @@ int qedf_initiate_abts(struct qedf_ioreq *io_req, bool return_scsi_cmd_on_abts)
        struct fcoe_wqe *sqe;
        u16 sqe_idx;
 
-       r_a_tov = rdata->r_a_tov;
-       lport = qedf->lport;
-
+       /* Sanity check qedf_rport before dereferencing any pointers */
        if (!test_bit(QEDF_RPORT_SESSION_READY, &fcport->flags)) {
-               QEDF_ERR(&(qedf->dbg_ctx), "tgt not offloaded\n");
+               QEDF_ERR(NULL, "tgt not offloaded\n");
                rc = 1;
                goto abts_err;
        }
 
+       rdata = fcport->rdata;
+       r_a_tov = rdata->r_a_tov;
+       qedf = fcport->qedf;
+       lport = qedf->lport;
+
        if (lport->state != LPORT_ST_READY || !(lport->link_up)) {
                QEDF_ERR(&(qedf->dbg_ctx), "link is not ready\n");
                rc = 1;
@@ -1729,6 +1732,13 @@ int qedf_initiate_cleanup(struct qedf_ioreq *io_req,
                return SUCCESS;
        }
 
+       /* Sanity check qedf_rport before dereferencing any pointers */
+       if (!test_bit(QEDF_RPORT_SESSION_READY, &fcport->flags)) {
+               QEDF_ERR(NULL, "tgt not offloaded\n");
+               rc = 1;
+               return SUCCESS;
+       }
+
        qedf = fcport->qedf;
        if (!qedf) {
                QEDF_ERR(NULL, "qedf is NULL.\n");