If an SRP target sends an invalid SRP_RSP information unit to the SRP initiator this can cause a NULL pointer dereference on the initiator system. This patch avoids such NULL pointer dereferences and makes sure the SRP inititator keeps working.
Signed-off-by: Bart Van Assche <bart.vanass...@gmail.com> Cc: Roland Dreier <rola...@cisco.com> diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c index ed3f9eb..330452c 100644 --- a/drivers/infiniband/ulp/srp/ib_srp.c +++ b/drivers/infiniband/ulp/srp/ib_srp.c @@ -834,10 +834,12 @@ static void srp_process_rsp(struct srp_target_port *target, struct srp_rsp *rsp) complete(&req->done); } else { scmnd = req->scmnd; - if (!scmnd) + if (!scmnd) { shost_printk(KERN_ERR, target->scsi_host, "Null scmnd for RSP w/tag %016llx\n", (unsigned long long) rsp->tag); + goto out_unlock; + } scmnd->result = rsp->status; if (rsp->flags & SRP_RSP_FLAG_SNSVALID) { @@ -861,6 +863,7 @@ static void srp_process_rsp(struct srp_target_port *target, struct srp_rsp *rsp) req->cmd_done = 1; } +out_unlock: spin_unlock_irqrestore(target->scsi_host->host_lock, flags); } -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html