Re: [PATCH 05/15] qedf: Check that fcport is offloaded before dereferencing pointers in initiate_abts|cleanup.

2017-05-24 Thread Bart Van Assche
On Tue, 2017-05-23 at 06:19 -0700, Dupuis, Chad wrote:
> If an fcport is not offloaded then the members of the qedf_rport struct
> are undefined which may cause a system crash.

Reviewed-by: Bart Van Assche 

[PATCH 05/15] qedf: Check that fcport is offloaded before dereferencing pointers in initiate_abts|cleanup.

2017-05-23 Thread Dupuis, Chad
If an fcport is not offloaded, the members of the qedf_rport struct are
undefined, and dereferencing them may cause a system crash.

Signed-off-by: Chad Dupuis 
---
 drivers/scsi/qedf/qedf_io.c | 22 --
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index ca9097b..db16004 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -1476,8 +1476,8 @@ int qedf_initiate_abts(struct qedf_ioreq *io_req, bool 
return_scsi_cmd_on_abts)
 {
struct fc_lport *lport;
struct qedf_rport *fcport = io_req->fcport;
-   struct fc_rport_priv *rdata = fcport->rdata;
-   struct qedf_ctx *qedf = fcport->qedf;
+   struct fc_rport_priv *rdata;
+   struct qedf_ctx *qedf;
u16 xid;
u32 r_a_tov = 0;
int rc = 0;
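Review bot: Dropping the initialisers leaves `rdata` and `qedf` (like `lport` above them) indeterminate until the assignments that follow the session check, and the not-offloaded branch jumps to `abts_err` before any of them is set. The `abts_err` label lies outside the visible hunks, so it should be confirmed that nothing on that exit path reads these pointers. Initialising them, `struct fc_rport_priv *rdata = NULL;` and `struct qedf_ctx *qedf = NULL;`, would make a later mistake fault on a NULL pointer instead of acting on stack contents. The body of qedf_initiate_abts starts and ends outside this hunk.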
@@ -1485,15 +1485,18 @@ int qedf_initiate_abts(struct qedf_ioreq *io_req, bool 
return_scsi_cmd_on_abts)
struct fcoe_wqe *sqe;
u16 sqe_idx;
 
-   r_a_tov = rdata->r_a_tov;
-   lport = qedf->lport;
-
+   /* Sanity check qedf_rport before dereferencing any pointers */
if (!test_bit(QEDF_RPORT_SESSION_READY, >flags)) {
-   QEDF_ERR(&(qedf->dbg_ctx), "tgt not offloaded\n");
+   QEDF_ERR(NULL, "tgt not offloaded\n");
rc = 1;
goto abts_err;
}
 
+   rdata = fcport->rdata;
+   r_a_tov = rdata->r_a_tov;
+   qedf = fcport->qedf;
+   lport = qedf->lport;
+
if (lport->state != LPORT_ST_READY || !(lport->link_up)) {
QEDF_ERR(&(qedf->dbg_ctx), "link is not ready\n");
rc = 1;
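Review bot: The guard added before the assignments still reads `fcport` itself for the flags test, and `rdata` is dereferenced immediately afterwards (`r_a_tov = rdata->r_a_tov;`) without a NULL check, so the crash named in the description is only closed if `io_req->fcport` is never NULL here and a set QEDF_RPORT_SESSION_READY bit guarantees a valid `rdata`. If either cannot be guaranteed, add `if (!fcport) { rc = 1; goto abts_err; }` ahead of the test and check `rdata` before use. Nothing visible in the hunk serialises the flag test against session teardown; if the bit can be cleared concurrently, the pointers could presumably go stale between the test and the dereferences, so a comment naming the lock or state that prevents this would help. `QEDF_ERR(NULL, ...)` also drops the host context from the log line, which makes the event harder to attribute on a multi-port system. The function continues outside the hunk.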
@@ -1729,6 +1732,13 @@ int qedf_initiate_cleanup(struct qedf_ioreq *io_req,
return SUCCESS;
}
 
+   /* Sanity check qedf_rport before dereferencing any pointers */
+   if (!test_bit(QEDF_RPORT_SESSION_READY, >flags)) {
+   QEDF_ERR(NULL, "tgt not offloaded\n");
+   rc = 1;
+   return SUCCESS;
+   }
+
qedf = fcport->qedf;
if (!qedf) {
QEDF_ERR(NULL, "qedf is NULL.\n");
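Review bot: `rc = 1;` in the added block is a dead store, because the next line returns `SUCCESS` unconditionally and `rc` is not read on that path. Either drop the assignment or, if a non-offloaded target should be reported to the caller as a failed cleanup, return a failure value instead. If returning SUCCESS is deliberate, a comment such as `/* session not offloaded: no cleanup request is issued */` would record the reasoning. The new test also relies on `fcport` being non-NULL; the `return SUCCESS; }` context just above may be that check, but it starts outside the hunk, as does the rest of qedf_initiate_cleanup.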
-- 
1.8.5.6