From: Hannes Reinecke Date: Thu, 13 Oct 2016 13:10:55 +0000 (+0200) Subject: scsi: libfc: Check xid when looking up REC exchanges X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=e0a25286d8acd97ac0b9db5b8b776755fc8b62fa;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git scsi: libfc: Check xid when looking up REC exchanges We currently can only lookup the local xid, so we need to reject REC with empty rxid. Signed-off-by: Hannes Reinecke Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen --- diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c index 44feffa2ee25..9921dbbaeaff 100644 --- a/drivers/scsi/libfc/fc_exch.c +++ b/drivers/scsi/libfc/fc_exch.c @@ -2005,8 +2005,7 @@ static void fc_exch_els_rec(struct fc_frame *rfp) enum fc_els_rjt_reason reason = ELS_RJT_LOGIC; enum fc_els_rjt_explan explan; u32 sid; - u16 rxid; - u16 oxid; + u16 xid, rxid, oxid; lport = fr_dev(rfp); rp = fc_frame_payload_get(rfp, sizeof(*rp)); @@ -2017,9 +2016,18 @@ static void fc_exch_els_rec(struct fc_frame *rfp) rxid = ntohs(rp->rec_rx_id); oxid = ntohs(rp->rec_ox_id); - ep = fc_exch_lookup(lport, - sid == fc_host_port_id(lport->host) ? oxid : rxid); explan = ELS_EXPL_OXID_RXID; + if (sid == fc_host_port_id(lport->host)) + xid = oxid; + else + xid = rxid; + if (xid == FC_XID_UNKNOWN) { + FC_LPORT_DBG(lport, + "REC request from %x: invalid rxid %x oxid %x\n", + sid, rxid, oxid); + goto reject; + } + ep = fc_exch_lookup(lport, xid); if (!ep) { FC_LPORT_DBG(lport, "REC request from %x: rxid %x oxid %x not found\n",