From ff34e8e84fbbd3e3f31a4d54cc0501aeaa155d43 Mon Sep 17 00:00:00 2001
From: Chad Dupuis
Date: Wed, 31 May 2017 06:33:52 -0700
Subject: [PATCH] scsi: qedf: Check that fcport is offloaded before dereferencing pointers in initiate_abts|cleanup.

If an fcport is not offloaded then the members of the qedf_rport struct are undefined which may cause a system crash.

Signed-off-by: Chad Dupuis
Signed-off-by: Martin K. Petersen
---
 drivers/scsi/qedf/qedf_io.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index ca9097bb7308..db160046f3e0 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -1476,8 +1476,8 @@ int qedf_initiate_abts(struct qedf_ioreq *io_req, bool return_scsi_cmd_on_abts)
 {
 struct fc_lport *lport;
 struct qedf_rport *fcport = io_req->fcport;
- struct fc_rport_priv *rdata = fcport->rdata;
- struct qedf_ctx *qedf = fcport->qedf;
+ struct fc_rport_priv *rdata;
+ struct qedf_ctx *qedf;
 u16 xid;
 u32 r_a_tov = 0;
 int rc = 0;
@@ -1485,15 +1485,18 @@ int qedf_initiate_abts(struct qedf_ioreq *io_req, bool return_scsi_cmd_on_abts)
 struct fcoe_wqe *sqe;
 u16 sqe_idx;
 
- r_a_tov = rdata->r_a_tov;
- lport = qedf->lport;
-
+ /* Sanity check qedf_rport before dereferencing any pointers */
 if (!test_bit(QEDF_RPORT_SESSION_READY, &fcport->flags)) {
- QEDF_ERR(&(qedf->dbg_ctx), "tgt not offloaded\n");
+ QEDF_ERR(NULL, "tgt not offloaded\n");
 rc = 1;
 goto abts_err;
 }
 
+ rdata = fcport->rdata;
+ r_a_tov = rdata->r_a_tov;
+ qedf = fcport->qedf;
+ lport = qedf->lport;
+
 if (lport->state != LPORT_ST_READY || !(lport->link_up)) {
 QEDF_ERR(&(qedf->dbg_ctx), "link is not ready\n");
 rc = 1;
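Review bot: In qedf_initiate_abts the `QEDF_RPORT_SESSION_READY` test and the reads that follow it (`rdata->r_a_tov`, `qedf->lport`) are not covered by any lock or reference visible in this hunk, so if the session can be torn down concurrently the flag may be cleared, and the rport data released, between the check and the dereferences; the block added to qedf_initiate_cleanup has the same shape. The abts path also reads `rdata` and `qedf` without a NULL test, while the cleanup path keeps its `if (!qedf)` check, and `fcport` itself is handed to `test_bit` with no guard shown here. I would test `rdata` before `r_a_tov = rdata->r_a_tov;` and `qedf` before `lport = qedf->lport;`, e.g. `if (!rdata) { rc = 1; goto abts_err; }`, and add a comment naming what keeps the rport valid for the rest of the function. The function starts and ends outside the hunk, so an earlier guard may exist that is not visible.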
@@ -1729,6 +1732,13 @@ int qedf_initiate_cleanup(struct qedf_ioreq *io_req,
 return SUCCESS;
 }
 
+ /* Sanity check qedf_rport before dereferencing any pointers */
+ if (!test_bit(QEDF_RPORT_SESSION_READY, &fcport->flags)) {
+ QEDF_ERR(NULL, "tgt not offloaded\n");
+ rc = 1;
+ return SUCCESS;
+ }
+
 qedf = fcport->qedf;
 if (!qedf) {
 QEDF_ERR(NULL, "qedf is NULL.\n");
-- 
2.20.1
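Review bot: `rc = 1;` in the added block is a dead store, because the next statement is `return SUCCESS;` and `rc` is not read in between. A target that is not offloaded therefore produces the same return value as the early exit in the context lines above it, so the caller cannot tell that cleanup was skipped. If that is the intent, drop the assignment and say so in the comment, e.g. `/* Session not offloaded: skip cleanup and report SUCCESS */`; if the caller should see a failure, return a distinct value instead. The rest of qedf_initiate_cleanup lies outside the hunk, so how `rc` is declared and used elsewhere is not visible here.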