diff options
author | Chad Dupuis <chad.dupuis@cavium.com> | 2017-05-31 06:33:52 -0700 |
---|---|---|
committer | Martin K. Petersen <martin.petersen@oracle.com> | 2017-06-12 20:48:06 -0400 |
commit | ff34e8e84fbbd3e3f31a4d54cc0501aeaa155d43 (patch) | |
tree | c66e170cc411e836b97e74790ada7fdbad8761c9 /drivers/scsi/qedf | |
parent | 53c51adbe6f83eba94fd39000f98cf4235a89e4c (diff) | |
download | lwn-ff34e8e84fbbd3e3f31a4d54cc0501aeaa155d43.tar.gz lwn-ff34e8e84fbbd3e3f31a4d54cc0501aeaa155d43.zip |
scsi: qedf: Check that fcport is offloaded before dereferencing pointers in initiate_abts|cleanup.
If an fcport is not offloaded then the members of the qedf_rport struct
are undefined which may cause a system crash.
Signed-off-by: Chad Dupuis <chad.dupuis@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'drivers/scsi/qedf')
-rw-r--r-- | drivers/scsi/qedf/qedf_io.c | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c index ca9097bb7308..db160046f3e0 100644 --- a/drivers/scsi/qedf/qedf_io.c +++ b/drivers/scsi/qedf/qedf_io.c @@ -1476,8 +1476,8 @@ int qedf_initiate_abts(struct qedf_ioreq *io_req, bool return_scsi_cmd_on_abts) { struct fc_lport *lport; struct qedf_rport *fcport = io_req->fcport; - struct fc_rport_priv *rdata = fcport->rdata; - struct qedf_ctx *qedf = fcport->qedf; + struct fc_rport_priv *rdata; + struct qedf_ctx *qedf; u16 xid; u32 r_a_tov = 0; int rc = 0; @@ -1485,15 +1485,18 @@ int qedf_initiate_abts(struct qedf_ioreq *io_req, bool return_scsi_cmd_on_abts) struct fcoe_wqe *sqe; u16 sqe_idx; - r_a_tov = rdata->r_a_tov; - lport = qedf->lport; - + /* Sanity check qedf_rport before dereferencing any pointers */ if (!test_bit(QEDF_RPORT_SESSION_READY, &fcport->flags)) { - QEDF_ERR(&(qedf->dbg_ctx), "tgt not offloaded\n"); + QEDF_ERR(NULL, "tgt not offloaded\n"); rc = 1; goto abts_err; } + rdata = fcport->rdata; + r_a_tov = rdata->r_a_tov; + qedf = fcport->qedf; + lport = qedf->lport; + if (lport->state != LPORT_ST_READY || !(lport->link_up)) { QEDF_ERR(&(qedf->dbg_ctx), "link is not ready\n"); rc = 1; @@ -1729,6 +1732,13 @@ int qedf_initiate_cleanup(struct qedf_ioreq *io_req, return SUCCESS; } + /* Sanity check qedf_rport before dereferencing any pointers */ + if (!test_bit(QEDF_RPORT_SESSION_READY, &fcport->flags)) { + QEDF_ERR(NULL, "tgt not offloaded\n"); + rc = 1; + return SUCCESS; + } + qedf = fcport->qedf; if (!qedf) { QEDF_ERR(NULL, "qedf is NULL.\n"); |