[openib-general] [PATCH] SRP: fix crash in srp_process_rsp
Ishai Rabinovitz
ishai at mellanox.co.il
Wed Apr 26 07:50:01 PDT 2006
Hi
srp_process_rsp crashes on NULL pointer dereference.
The following fixes the crash.
Is this a correct fix?
---
Avoiding dereference of a null pointer.
Signed-off-by: Ishai Rabinovitz <ishai at mellanox.co.il>
Index: last_stable/drivers/infiniband/ulp/srp/ib_srp.c
===================================================================
--- last_stable.orig/drivers/infiniband/ulp/srp/ib_srp.c 2006-04-26 15:38:23.000000000 +0300
+++ last_stable/drivers/infiniband/ulp/srp/ib_srp.c 2006-04-26 17:45:22.000000000 +0300
@@ -655,9 +655,11 @@ static void srp_process_rsp(struct srp_t
complete(&req->done);
} else {
scmnd = req->scmnd;
- if (!scmnd)
+ if (!scmnd) {
printk(KERN_ERR "Null scmnd for RSP w/tag %016llx\n",
(unsigned long long) rsp->tag);
+ goto unlock;
+ }
scmnd->result = rsp->status;
if (rsp->flags & SRP_RSP_FLAG_SNSVALID) {
@@ -683,7 +685,7 @@ static void srp_process_rsp(struct srp_t
} else
req->cmd_done = 1;
}
-
+unlock:
spin_unlock_irqrestore(target->scsi_host->host_lock, flags);
}
--
Ishai Rabinovitz
More information about the general
mailing list