Re: [PATCH 1/2] scsi_transport_fc: fix NULL pointer dereference in fc_bsg_job_timeout

2017-09-06 Thread Christoph Hellwig
On Wed, Sep 06, 2017 at 06:59:39PM +0800, Ming Lei wrote:
> On Wed, Sep 6, 2017 at 6:11 PM, Christoph Hellwig wrote:
> > bsg-lib now embeds the job structure into the request, and req->special
> > can't be used anymore.
> >
> > Signed-off-by: Christoph Hellwig 
> > Cc: sta...@vger.kernel.org
> > ---
> >  drivers/scsi/scsi_transport_fc.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/scsi/scsi_transport_fc.c 
> > b/drivers/scsi/scsi_transport_fc.c
> > index 3c6bc0081fcb..d8de46806a1e 100644
> > --- a/drivers/scsi/scsi_transport_fc.c
> > +++ b/drivers/scsi/scsi_transport_fc.c
> > @@ -3571,7 +3571,7 @@ fc_vport_sched_delete(struct work_struct *work)
> >  static enum blk_eh_timer_return
> >  fc_bsg_job_timeout(struct request *req)
> >  {
> > -   struct bsg_job *job = (void *) req->special;
> > +   struct bsg_job *job = blk_mq_rq_to_pdu(req->special);
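
Review bot: the wrong argument on the `+` line will not be caught at build time, because req->special is a void * and converts silently to the struct request * that blk_mq_rq_to_pdu() takes. A clean compile says nothing here, so the respin should be exercised through an actual bsg job timeout on an FC host before it goes to stable.
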
> 
> still req->special?

Meh, sent out before the rebase finished - I'll fix it up.



Re: [PATCH 1/2] scsi_transport_fc: fix NULL pointer dereference in fc_bsg_job_timeout

2017-09-06 Thread Ming Lei
On Wed, Sep 6, 2017 at 6:11 PM, Christoph Hellwig wrote:
> bsg-lib now embeds the job structure into the request, and req->special
> can't be used anymore.
>
> Signed-off-by: Christoph Hellwig 
> Cc: sta...@vger.kernel.org
> ---
>  drivers/scsi/scsi_transport_fc.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/scsi_transport_fc.c 
> b/drivers/scsi/scsi_transport_fc.c
> index 3c6bc0081fcb..d8de46806a1e 100644
> --- a/drivers/scsi/scsi_transport_fc.c
> +++ b/drivers/scsi/scsi_transport_fc.c
> @@ -3571,7 +3571,7 @@ fc_vport_sched_delete(struct work_struct *work)
>  static enum blk_eh_timer_return
>  fc_bsg_job_timeout(struct request *req)
>  {
> -   struct bsg_job *job = (void *) req->special;
> +   struct bsg_job *job = blk_mq_rq_to_pdu(req->special);
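
Review bot: the changelog for this one-line change in fc_bsg_job_timeout() says req->special can't be used anymore but never names the bsg-lib commit that embedded the job in the request. Since the patch is Cc'd to stable, a Fixes: tag pointing at that commit would tell the stable maintainers which kernels need the fix and which still rely on req->special.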

still req->special?


-- 
Ming Lei


[PATCH 1/2] scsi_transport_fc: fix NULL pointer dereference in fc_bsg_job_timeout

2017-09-06 Thread Christoph Hellwig
bsg-lib now embeds the job structure into the request, and req->special
can't be used anymore.

Signed-off-by: Christoph Hellwig 
Cc: sta...@vger.kernel.org
---
 drivers/scsi/scsi_transport_fc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/scsi_transport_fc.c b/drivers/scsi/scsi_transport_fc.c
index 3c6bc0081fcb..d8de46806a1e 100644
--- a/drivers/scsi/scsi_transport_fc.c
+++ b/drivers/scsi/scsi_transport_fc.c
@@ -3571,7 +3571,7 @@ fc_vport_sched_delete(struct work_struct *work)
 static enum blk_eh_timer_return
 fc_bsg_job_timeout(struct request *req)
 {
-   struct bsg_job *job = (void *) req->special;
+   struct bsg_job *job = blk_mq_rq_to_pdu(req->special);
struct Scsi_Host *shost = fc_bsg_to_shost(job);
struct fc_rport *rport = fc_bsg_to_rport(job);
struct fc_internal *i = to_fc_internal(shost->transportt);
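
Review bot: the `+` line still passes req->special to blk_mq_rq_to_pdu(), which contradicts the changelog and does not fix the dereference. blk_mq_rq_to_pdu() takes the struct request itself and returns the driver data placed directly behind it, so handing it req->special produces a pointer offset from whatever that field holds, and that bogus job then goes straight into fc_bsg_to_shost(job) and fc_bsg_to_rport(job) in the context lines. The line should read `struct bsg_job *job = blk_mq_rq_to_pdu(req);`.
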
-- 
2.11.0