If a user misconfigures the block layer timeout such that it is below the InfiniBand RC timeout it can happen that an SRP reply arrives after the SCSI error handler has already killed the associated SCSI command. Avoid that late replies cause a kernel crash.
Signed-off-by: Bart Van Assche <[email protected]> Cc: David Dillow <[email protected]> Cc: Roland Dreier <[email protected]> --- drivers/infiniband/ulp/srp/ib_srp.c | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c index 0e2353d..a2624bf 100644 --- a/drivers/infiniband/ulp/srp/ib_srp.c +++ b/drivers/infiniband/ulp/srp/ib_srp.c @@ -1074,10 +1074,12 @@ static void srp_process_rsp(struct srp_target_port *target, struct srp_rsp *rsp) } else { req = &target->req_ring[rsp->tag]; scmnd = req->scmnd; - if (!scmnd) + if (unlikely(!scmnd)) { shost_printk(KERN_ERR, target->scsi_host, "Null scmnd for RSP w/tag %016llx\n", (unsigned long long) rsp->tag); + return; + } scmnd->result = rsp->status; if (rsp->flags & SRP_RSP_FLAG_SNSVALID) { -- 1.7.3.4 -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
