summaryrefslogtreecommitdiff
path: root/drivers/scsi/qedf
diff options
context:
space:
mode:
authorChad Dupuis <cdupuis@marvell.com>2019-03-26 10:38:46 +0300
committerMartin K. Petersen <martin.petersen@oracle.com>2019-03-28 04:54:52 +0300
commit627cc7dd73f6aa3025398507c729b97fb19c270b (patch)
tree14ce2ee34ec79f0ff00b3702c7f3a0f7b3535d11 /drivers/scsi/qedf
parent78a8ab3cc0f95a66c8fb2429030289103de173e7 (diff)
downloadlinux-627cc7dd73f6aa3025398507c729b97fb19c270b.tar.xz
scsi: qedf: Add additional checks for io_req->sc_cmd validity
- Check the validity of various pointers before processing. Signed-off-by: Chad Dupuis <cdupuis@marvell.com> Signed-off-by: Saurav Kashyap <skashyap@marvell.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'drivers/scsi/qedf')
-rw-r--r--drivers/scsi/qedf/qedf_io.c39
1 files changed, 37 insertions, 2 deletions
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index ab6705660e67..8d09cf3fe49b 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -1324,7 +1324,7 @@ void qedf_scsi_done(struct qedf_ctx *qedf, struct qedf_ioreq *io_req,
if (!virt_addr_valid(sc_cmd)) {
QEDF_ERR(&qedf->dbg_ctx, "sc_cmd=%p is not valid.", sc_cmd);
- return;
+ goto bad_scsi_ptr;
}
if (!sc_cmd->SCp.ptr) {
@@ -1336,7 +1336,34 @@ void qedf_scsi_done(struct qedf_ctx *qedf, struct qedf_ioreq *io_req,
if (!sc_cmd->device) {
QEDF_ERR(&qedf->dbg_ctx, "Device for sc_cmd %p is NULL.\n",
sc_cmd);
- return;
+ goto bad_scsi_ptr;
+ }
+
+ if (!virt_addr_valid(sc_cmd->device)) {
+ QEDF_ERR(&qedf->dbg_ctx,
+ "Device pointer for sc_cmd %p is bad.\n", sc_cmd);
+ goto bad_scsi_ptr;
+ }
+
+ if (!sc_cmd->sense_buffer) {
+ QEDF_ERR(&qedf->dbg_ctx,
+ "sc_cmd->sense_buffer for sc_cmd %p is NULL.\n",
+ sc_cmd);
+ goto bad_scsi_ptr;
+ }
+
+ if (!virt_addr_valid(sc_cmd->sense_buffer)) {
+ QEDF_ERR(&qedf->dbg_ctx,
+ "sc_cmd->sense_buffer for sc_cmd %p is bad.\n",
+ sc_cmd);
+ goto bad_scsi_ptr;
+ }
+
+ if (!sc_cmd->scsi_done) {
+ QEDF_ERR(&qedf->dbg_ctx,
+ "sc_cmd->scsi_done for sc_cmd %p is NULL.\n",
+ sc_cmd);
+ goto bad_scsi_ptr;
}
qedf_unmap_sg_list(qedf, io_req);
@@ -1365,6 +1392,14 @@ void qedf_scsi_done(struct qedf_ctx *qedf, struct qedf_ioreq *io_req,
sc_cmd->SCp.ptr = NULL;
sc_cmd->scsi_done(sc_cmd);
kref_put(&io_req->refcount, qedf_release_cmd);
+
+bad_scsi_ptr:
+ /*
+ * Clear the io_req->sc_cmd backpointer so we don't try to process
+ * this again
+ */
+ io_req->sc_cmd = NULL;
+ kref_put(&io_req->refcount, qedf_release_cmd); /* ID: 001 */
}
/*