Issuing a SCSI reset command on an SRP initiator after the SRP connection has been closed triggers a NULL pointer dereference. The patch below fixes this NULL pointer dereference.
See also http://bugzilla.kernel.org/show_bug.cgi?id=13893. Signed-off-by: <[email protected]> Cc: Roland Dreier <[email protected]> Cc: Sean Hefty <[email protected]> Cc: Hal Rosenstock <[email protected]> --- linux-2.6.30.4/drivers/infiniband/ulp/srp/ib_srp-orig.c 2009-08-03 12:13:11.000000000 +0200 +++ linux-2.6.30.4/drivers/infiniband/ulp/srp/ib_srp.c 2009-08-03 14:58:36.000000000 +0200 @@ -1330,6 +1330,8 @@ static int srp_send_tsk_mgmt(struct srp_ struct srp_iu *iu; struct srp_tsk_mgmt *tsk_mgmt; + BUG_ON(!req->scmnd->device); + spin_lock_irq(target->scsi_host->host_lock); if (target->state == SRP_TARGET_DEAD || @@ -1429,6 +1431,8 @@ static int srp_reset_device(struct scsi_ return FAILED; if (req->tsk_status) return FAILED; + if (!req->scmnd->device) + return FAILED; spin_lock_irq(target->scsi_host->host_lock);
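Review bot: In the first hunk (srp_send_tsk_mgmt), `BUG_ON(!req->scmnd->device);` halts the kernel on the very condition the commit message says a reset after connection close can produce, so the NULL pointer dereference is replaced by a deliberate panic rather than handled. The function returns int, so an early error return (with a WARN_ON if the state is considered a driver bug) would let callers fail the task management request cleanly, matching the `return FAILED;` approach of the second hunk. The assertion also dereferences `req->scmnd` without checking it, and it runs before `spin_lock_irq(target->scsi_host->host_lock);`, so the value tested is not guaranteed to be the value used once the lock is held.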
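Review bot: In the second hunk (srp_reset_device), the new `if (!req->scmnd->device)` test is evaluated before `spin_lock_irq(target->scsi_host->host_lock);`, so the request can still change between the check and whatever use follows under the lock; moving the test inside the locked region, and unlocking on the failure path, would close that window. `req->scmnd` itself is dereferenced unchecked, so if the command pointer can be cleared when the connection closes, this line faults in the same way. It would also help if the commit message named which dereference is being fixed and why `device` is NULL at that point, and whether this check can be reached at all before the BUG_ON added in srp_send_tsk_mgmt fires.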
