[ofa-general] [PATCH 2.6.30.4] Fix for NULL pointer dereference by SRP initiator triggered by a SCSI reset after the SRP connection has been closed
Bart Van Assche
bart.vanassche at gmail.com
Mon Aug 3 06:21:21 PDT 2009
Issuing a SCSI reset command on an SRP initiator after the SRP connection has
been closed triggers a NULL pointer dereference. The patch below fixes this
NULL pointer dereference.
See also http://bugzilla.kernel.org/show_bug.cgi?id=13893.
Signed-off-by: <bart.vanassche at gmail.com>
Cc: Roland Dreier <rolandd at cisco.com>
Cc: Sean Hefty <sean.hefty at intel.com>
Cc: Hal Rosenstock <hal.rosenstock at gmail.com>
--- linux-2.6.30.4/drivers/infiniband/ulp/srp/ib_srp-orig.c 2009-08-03
12:13:11.000000000 +0200
+++ linux-2.6.30.4/drivers/infiniband/ulp/srp/ib_srp.c 2009-08-03
14:58:36.000000000 +0200
@@ -1330,6 +1330,8 @@ static int srp_send_tsk_mgmt(struct srp_
struct srp_iu *iu;
struct srp_tsk_mgmt *tsk_mgmt;
+ BUG_ON(!req->scmnd->device);
+
spin_lock_irq(target->scsi_host->host_lock);
if (target->state == SRP_TARGET_DEAD ||
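Review bot: The added BUG_ON(!req->scmnd->device) at the top of srp_send_tsk_mgmt() dereferences req->scmnd without first checking that req->scmnd is non-NULL, and when the device pointer is NULL it still takes the kernel down through BUG instead of returning an error. The second hunk already makes srp_reset_device() return FAILED for the same condition, so consider a WARN_ON with an error return here, testing req->scmnd before req->scmnd->device. The assertion also sits before spin_lock_irq(target->scsi_host->host_lock), so it is not serialised with the target->state == SRP_TARGET_DEAD check that follows it.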
@@ -1429,6 +1431,8 @@ static int srp_reset_device(struct scsi_
return FAILED;
if (req->tsk_status)
return FAILED;
+ if (!req->scmnd->device)
+ return FAILED;
spin_lock_irq(target->scsi_host->host_lock);
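Review bot: The new test if (!req->scmnd->device) in srp_reset_device() runs before spin_lock_irq(target->scsi_host->host_lock) is taken, so nothing visible in this hunk keeps the pointer from changing between the check and its later use; it also assumes req->scmnd itself is non-NULL. Consider checking req->scmnd first and performing the test under the host lock, and add a comment or a sentence in the commit message explaining why the device pointer is NULL once the SRP connection has been closed.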