diff options
author | Chad Dupuis <cdupuis@marvell.com> | 2019-03-26 10:38:46 +0300 |
---|---|---|
committer | Martin K. Petersen <martin.petersen@oracle.com> | 2019-03-28 04:54:52 +0300 |
commit | 627cc7dd73f6aa3025398507c729b97fb19c270b (patch) | |
tree | 14ce2ee34ec79f0ff00b3702c7f3a0f7b3535d11 | |
parent | 78a8ab3cc0f95a66c8fb2429030289103de173e7 (diff) | |
download | linux-627cc7dd73f6aa3025398507c729b97fb19c270b.tar.xz |
scsi: qedf: Add additional checks for io_req->sc_cmd validity
- Check the validity of various pointers before processing.
Signed-off-by: Chad Dupuis <cdupuis@marvell.com>
Signed-off-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
-rw-r--r-- | drivers/scsi/qedf/qedf_io.c | 39 |
1 files changed, 37 insertions, 2 deletions
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c index ab6705660e67..8d09cf3fe49b 100644 --- a/drivers/scsi/qedf/qedf_io.c +++ b/drivers/scsi/qedf/qedf_io.c @@ -1324,7 +1324,7 @@ void qedf_scsi_done(struct qedf_ctx *qedf, struct qedf_ioreq *io_req, if (!virt_addr_valid(sc_cmd)) { QEDF_ERR(&qedf->dbg_ctx, "sc_cmd=%p is not valid.", sc_cmd); - return; + goto bad_scsi_ptr; } if (!sc_cmd->SCp.ptr) { @@ -1336,7 +1336,34 @@ void qedf_scsi_done(struct qedf_ctx *qedf, struct qedf_ioreq *io_req, if (!sc_cmd->device) { QEDF_ERR(&qedf->dbg_ctx, "Device for sc_cmd %p is NULL.\n", sc_cmd); - return; + goto bad_scsi_ptr; + } + + if (!virt_addr_valid(sc_cmd->device)) { + QEDF_ERR(&qedf->dbg_ctx, + "Device pointer for sc_cmd %p is bad.\n", sc_cmd); + goto bad_scsi_ptr; + } + + if (!sc_cmd->sense_buffer) { + QEDF_ERR(&qedf->dbg_ctx, + "sc_cmd->sense_buffer for sc_cmd %p is NULL.\n", + sc_cmd); + goto bad_scsi_ptr; + } + + if (!virt_addr_valid(sc_cmd->sense_buffer)) { + QEDF_ERR(&qedf->dbg_ctx, + "sc_cmd->sense_buffer for sc_cmd %p is bad.\n", + sc_cmd); + goto bad_scsi_ptr; + } + + if (!sc_cmd->scsi_done) { + QEDF_ERR(&qedf->dbg_ctx, + "sc_cmd->scsi_done for sc_cmd %p is NULL.\n", + sc_cmd); + goto bad_scsi_ptr; } qedf_unmap_sg_list(qedf, io_req); @@ -1365,6 +1392,14 @@ void qedf_scsi_done(struct qedf_ctx *qedf, struct qedf_ioreq *io_req, sc_cmd->SCp.ptr = NULL; sc_cmd->scsi_done(sc_cmd); kref_put(&io_req->refcount, qedf_release_cmd); + +bad_scsi_ptr: + /* + * Clear the io_req->sc_cmd backpointer so we don't try to process + * this again + */ + io_req->sc_cmd = NULL; + kref_put(&io_req->refcount, qedf_release_cmd); /* ID: 001 */ } /* |