scsi: qedf: Check that fcport is offloaded before dereferencing pointers in initiate_abts|cleanup. (ff34e8e8) · Commits · e / devices / android_kernel_fairphone_FP4

drivers/scsi/qedf/qedf_io.c

+16 −6

Original line number	Diff line number	Diff line
		@@ -1476,8 +1476,8 @@ int qedf_initiate_abts(struct qedf_ioreq *io_req, bool return_scsi_cmd_on_abts)
		{
		struct fc_lport *lport;
		struct qedf_rport *fcport = io_req->fcport;
		struct fc_rport_priv *rdata = fcport->rdata;
		struct qedf_ctx *qedf = fcport->qedf;
		struct fc_rport_priv *rdata;
		struct qedf_ctx *qedf;
		u16 xid;
		u32 r_a_tov = 0;
		int rc = 0;
		@@ -1485,15 +1485,18 @@ int qedf_initiate_abts(struct qedf_ioreq *io_req, bool return_scsi_cmd_on_abts)
		struct fcoe_wqe *sqe;
		u16 sqe_idx;

		r_a_tov = rdata->r_a_tov;
		lport = qedf->lport;

		/* Sanity check qedf_rport before dereferencing any pointers */
		if (!test_bit(QEDF_RPORT_SESSION_READY, &fcport->flags)) {
		QEDF_ERR(&(qedf->dbg_ctx), "tgt not offloaded\n");
		QEDF_ERR(NULL, "tgt not offloaded\n");
		rc = 1;
		goto abts_err;
		}

		rdata = fcport->rdata;
		r_a_tov = rdata->r_a_tov;
		qedf = fcport->qedf;
		lport = qedf->lport;

		if (lport->state != LPORT_ST_READY \|\| !(lport->link_up)) {
		QEDF_ERR(&(qedf->dbg_ctx), "link is not ready\n");
		rc = 1;
		@@ -1729,6 +1732,13 @@ int qedf_initiate_cleanup(struct qedf_ioreq *io_req,
		return SUCCESS;
		}

		/* Sanity check qedf_rport before dereferencing any pointers */
		if (!test_bit(QEDF_RPORT_SESSION_READY, &fcport->flags)) {
		QEDF_ERR(NULL, "tgt not offloaded\n");
		rc = 1;
		return SUCCESS;
		}

		qedf = fcport->qedf;
		if (!qedf) {
		QEDF_ERR(NULL, "qedf is NULL.\n");