On Fri, 2011-07-22 at 14:50 -0700, Roland Dreier wrote:
> From: Roland Dreier <roland@xxxxxxxxxxxxxxx>
>
> Avoid a crash dereferencing a NULL s_id in qla24xx_get_loop_id() when we
> don't find a session in qla_tgt_exec_sess_work(); we need to have a
> valid s_id pointer to create a new session.
>
> This is based on r3244 in https://scst.svn.sourceforge.net/svnroot/scst/trunk.
>
> Signed-off-by: Roland Dreier <roland@xxxxxxxxxxxxxxx>
> ---

Thanks for verifying this one Roland! Committed as 624b6a038e4c.

--nab

> drivers/scsi/qla2xxx/qla_target.c | 7 +++++++ > 1 files changed, 7 insertions(+), 0 deletions(-) > > diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c > index 979b23e..e3a0392 100644 > --- a/drivers/scsi/qla2xxx/qla_target.c > +++ b/drivers/scsi/qla2xxx/qla_target.c > @@ -4718,6 +4718,7 @@ static void qla_tgt_exec_sess_work(struct qla_tgt *tgt, > unsigned long flags; > uint32_t be_s_id; > uint8_t *s_id = NULL; /* to hide compiler warnings */ > + uint8_t local_s_id[3]; > int rc, loop_id = -1; /* to hide compiler warnings */ > > DEBUG22(qla_printk(KERN_INFO, ha, "qla_tgt_exec_sess_work() processing -> prm %p\n", prm)); > @@ -4746,6 +4747,12 @@ static void qla_tgt_exec_sess_work(struct qla_tgt *tgt, > > sess = ha->qla2x_tmpl->find_sess_by_s_id(vha, > (unsigned char *)&be_s_id); > + if (!sess) { > + s_id = local_s_id; > + s_id[0] = prm->abts.fcp_hdr_le.s_id[2]; > + s_id[1] = prm->abts.fcp_hdr_le.s_id[1]; > + s_id[2] = prm->abts.fcp_hdr_le.s_id[0]; > + } > goto after_find; > } else > loop_id = GET_TARGET_ID(ha, &prm->tm_iocb);
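Review bot: in the first hunk (@@ -4718,6 +4718,7 @@), the new `uint8_t local_s_id[3];` sits beside `uint8_t *s_id = NULL; /* to hide compiler warnings */`, and that comment no longer describes the initializer: per the commit message, this NULL is what reached qla24xx_get_loop_id() and crashed. Suggest rewording the comment to say s_id stays NULL until a found session or local_s_id supplies it, and sizing the array from the field it mirrors (prm->abts.fcp_hdr_le.s_id) or a named constant rather than a bare 3, so the two cannot drift apart.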
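Review bot: in the second hunk (@@ -4746,6 +4747,12 @@), the `if (!sess)` block copies prm->abts.fcp_hdr_le.s_id into local_s_id in reverse byte order ([2], [1], [0]) with no comment explaining the swap. A one-line comment stating that the header field is little-endian and that s_id is wanted in the opposite order would save the next reader from re-deriving it. The `else` branch in the trailing context (`loop_id = GET_TARGET_ID(ha, &prm->tm_iocb);`) still leaves s_id NULL; if that is safe because loop_id is set directly there, it is worth saying so in the code, since a NULL s_id is exactly what this patch guards against on the ABTS path.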