Commit ff34e8e8 authored by Chad Dupuis's avatar Chad Dupuis Committed by Martin K. Petersen

scsi: qedf: Check that fcport is offloaded before dereferencing pointers in initiate_abts|cleanup.

If an fcport is not offloaded then the members of the qedf_rport struct
are undefined which may cause a system crash.
Signed-off-by: default avatarChad Dupuis <chad.dupuis@cavium.com>
Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
parent 53c51adb
...@@ -1476,8 +1476,8 @@ int qedf_initiate_abts(struct qedf_ioreq *io_req, bool return_scsi_cmd_on_abts) ...@@ -1476,8 +1476,8 @@ int qedf_initiate_abts(struct qedf_ioreq *io_req, bool return_scsi_cmd_on_abts)
{ {
struct fc_lport *lport; struct fc_lport *lport;
struct qedf_rport *fcport = io_req->fcport; struct qedf_rport *fcport = io_req->fcport;
struct fc_rport_priv *rdata = fcport->rdata; struct fc_rport_priv *rdata;
struct qedf_ctx *qedf = fcport->qedf; struct qedf_ctx *qedf;
u16 xid; u16 xid;
u32 r_a_tov = 0; u32 r_a_tov = 0;
int rc = 0; int rc = 0;
...@@ -1485,15 +1485,18 @@ int qedf_initiate_abts(struct qedf_ioreq *io_req, bool return_scsi_cmd_on_abts) ...@@ -1485,15 +1485,18 @@ int qedf_initiate_abts(struct qedf_ioreq *io_req, bool return_scsi_cmd_on_abts)
struct fcoe_wqe *sqe; struct fcoe_wqe *sqe;
u16 sqe_idx; u16 sqe_idx;
r_a_tov = rdata->r_a_tov; /* Sanity check qedf_rport before dereferencing any pointers */
lport = qedf->lport;
if (!test_bit(QEDF_RPORT_SESSION_READY, &fcport->flags)) { if (!test_bit(QEDF_RPORT_SESSION_READY, &fcport->flags)) {
QEDF_ERR(&(qedf->dbg_ctx), "tgt not offloaded\n"); QEDF_ERR(NULL, "tgt not offloaded\n");
rc = 1; rc = 1;
goto abts_err; goto abts_err;
} }
rdata = fcport->rdata;
r_a_tov = rdata->r_a_tov;
qedf = fcport->qedf;
lport = qedf->lport;
if (lport->state != LPORT_ST_READY || !(lport->link_up)) { if (lport->state != LPORT_ST_READY || !(lport->link_up)) {
QEDF_ERR(&(qedf->dbg_ctx), "link is not ready\n"); QEDF_ERR(&(qedf->dbg_ctx), "link is not ready\n");
rc = 1; rc = 1;
...@@ -1729,6 +1732,13 @@ int qedf_initiate_cleanup(struct qedf_ioreq *io_req, ...@@ -1729,6 +1732,13 @@ int qedf_initiate_cleanup(struct qedf_ioreq *io_req,
return SUCCESS; return SUCCESS;
} }
/* Sanity check qedf_rport before dereferencing any pointers */
if (!test_bit(QEDF_RPORT_SESSION_READY, &fcport->flags)) {
QEDF_ERR(NULL, "tgt not offloaded\n");
rc = 1;
return SUCCESS;
}
qedf = fcport->qedf; qedf = fcport->qedf;
if (!qedf) { if (!qedf) {
QEDF_ERR(NULL, "qedf is NULL.\n"); QEDF_ERR(NULL, "qedf is NULL.\n");
......
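Review bot: In qedf_initiate_abts the session-ready test is the only guard before `rdata->r_a_tov` and `qedf->lport` are read, so a NULL `fcport->rdata` or `fcport->qedf` on a port whose flag is still set would still oops; qedf_initiate_cleanup already NULL-checks `qedf`, and the abts path could do the same with `if (!rdata || !qedf) { rc = 1; goto abts_err; }` placed before those two reads. The flag test is also a point-in-time check: nothing visible in these hunks holds a lock or reference across it, so whether the session can be uploaded between `test_bit()` and the dereferences should be confirmed against the upload path. In the cleanup hunk `rc = 1;` is a dead store because the next line is `return SUCCESS;`; drop it, or add a comment saying why a not-offloaded target is reported as success. Both function bodies start and end outside the visible hunks.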