Avoid that fc_exch_find() can return a non-zero exchange pointer if the exchange ID does not match. Found this by code inspection.
Signed-off-by: Bart Van Assche <[email protected]> Cc: Robert Love <[email protected]> Cc: Neil Horman <[email protected]> --- drivers/scsi/libfc/fc_exch.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c index d0be52a..48f3293 100644 --- a/drivers/scsi/libfc/fc_exch.c +++ b/drivers/scsi/libfc/fc_exch.c @@ -836,8 +836,12 @@ static struct fc_exch *fc_exch_find(struct fc_exch_mgr *mp, u16 xid) pool = per_cpu_ptr(mp->pool, xid & fc_cpu_mask); spin_lock_bh(&pool->lock); ep = fc_exch_ptr_get(pool, (xid - mp->min_xid) >> fc_cpu_order); - if (ep && ep->xid == xid) - fc_exch_hold(ep); + if (ep) { + if (ep->xid == xid) + fc_exch_hold(ep); + else + ep = NULL; + } spin_unlock_bh(&pool->lock); } return ep; -- 1.7.10.4 _______________________________________________ fcoe-devel mailing list [email protected] http://lists.open-fcoe.org/mailman/listinfo/fcoe-devel
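Review bot: the commit message does not say what the mismatch path cost callers, and that is the part worth recording for the old `if (ep && ep->xid == xid)` test. When fc_exch_ptr_get() returned an exchange whose xid differed, fc_exch_hold() was skipped but ep was still returned, so the caller received a pointer to a different exchange with no reference taken on it. Please state that in the description, since it determines how serious the bug is for anyone deciding whether to backport. On style, the nested if/else in the new lines can be flattened without changing behaviour: `if (ep && ep->xid != xid) ep = NULL;` followed by `if (ep) fc_exch_hold(ep);`, both still inside the pool->lock section. It is also worth considering whether a mismatch at this slot is an expected condition or a sign of a stale pool entry. If it is the latter, a warning on the `else` branch would make it visible instead of silently returning NULL.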
