summaryrefslogtreecommitdiff
path: root/drivers/scsi/qedf
diff options
context:
space:
mode:
authorChad Dupuis <chad.dupuis@cavium.com>2017-05-31 06:33:52 -0700
committerMartin K. Petersen <martin.petersen@oracle.com>2017-06-12 20:48:06 -0400
commitff34e8e84fbbd3e3f31a4d54cc0501aeaa155d43 (patch)
treec66e170cc411e836b97e74790ada7fdbad8761c9 /drivers/scsi/qedf
parent53c51adbe6f83eba94fd39000f98cf4235a89e4c (diff)
downloadlwn-ff34e8e84fbbd3e3f31a4d54cc0501aeaa155d43.tar.gz
lwn-ff34e8e84fbbd3e3f31a4d54cc0501aeaa155d43.zip
scsi: qedf: Check that fcport is offloaded before dereferencing pointers in initiate_abts|cleanup.
If an fcport is not offloaded then the members of the qedf_rport struct are undefined which may cause a system crash. Signed-off-by: Chad Dupuis <chad.dupuis@cavium.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'drivers/scsi/qedf')
-rw-r--r--drivers/scsi/qedf/qedf_io.c22
1 files changed, 16 insertions, 6 deletions
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index ca9097bb7308..db160046f3e0 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -1476,8 +1476,8 @@ int qedf_initiate_abts(struct qedf_ioreq *io_req, bool return_scsi_cmd_on_abts)
{
struct fc_lport *lport;
struct qedf_rport *fcport = io_req->fcport;
- struct fc_rport_priv *rdata = fcport->rdata;
- struct qedf_ctx *qedf = fcport->qedf;
+ struct fc_rport_priv *rdata;
+ struct qedf_ctx *qedf;
u16 xid;
u32 r_a_tov = 0;
int rc = 0;
@@ -1485,15 +1485,18 @@ int qedf_initiate_abts(struct qedf_ioreq *io_req, bool return_scsi_cmd_on_abts)
struct fcoe_wqe *sqe;
u16 sqe_idx;
- r_a_tov = rdata->r_a_tov;
- lport = qedf->lport;
-
+ /* Sanity check qedf_rport before dereferencing any pointers */
if (!test_bit(QEDF_RPORT_SESSION_READY, &fcport->flags)) {
- QEDF_ERR(&(qedf->dbg_ctx), "tgt not offloaded\n");
+ QEDF_ERR(NULL, "tgt not offloaded\n");
rc = 1;
goto abts_err;
}
+ rdata = fcport->rdata;
+ r_a_tov = rdata->r_a_tov;
+ qedf = fcport->qedf;
+ lport = qedf->lport;
+
if (lport->state != LPORT_ST_READY || !(lport->link_up)) {
QEDF_ERR(&(qedf->dbg_ctx), "link is not ready\n");
rc = 1;
@@ -1729,6 +1732,13 @@ int qedf_initiate_cleanup(struct qedf_ioreq *io_req,
return SUCCESS;
}
+ /* Sanity check qedf_rport before dereferencing any pointers */
+ if (!test_bit(QEDF_RPORT_SESSION_READY, &fcport->flags)) {
+ QEDF_ERR(NULL, "tgt not offloaded\n");
+ rc = 1;
+ return SUCCESS;
+ }
+
qedf = fcport->qedf;
if (!qedf) {
QEDF_ERR(NULL, "qedf is NULL.\n");