[ofa-general] Re: [PATCH 2.6.30.4] Fix for NULL pointer dereference by SRP initiator triggered by a SCSI reset after the SRP connection has been closed
Bart Van Assche
bart.vanassche at gmail.com
Wed Aug 5 10:48:40 PDT 2009
On Wed, Aug 5, 2009 at 7:40 PM, Roland Dreier<rdreier at cisco.com> wrote:
> Now I'm confused about this patch for another reason:
>
> > @@ -1429,6 +1431,8 @@ static int srp_reset_device(struct scsi_
> > return FAILED;
> > if (req->tsk_status)
> > return FAILED;
> > + if (!req->scmnd->device)
> > + return FAILED;
> >
> > spin_lock_irq(target->scsi_host->host_lock);
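Review bot: the added `if (!req->scmnd->device)` test, placed after the `req->tsk_status` check, reads the pointer before `spin_lock_irq(target->scsi_host->host_lock)` is taken, so nothing in this hunk keeps `device` from changing between the test and any later use under the lock. The expression also dereferences `req->scmnd` itself without testing it, so it only helps if `req->scmnd` is guaranteed non-NULL here. Consider doing the test at the point where the pointer is first used, under the lock that protects it, and adding a short comment that says when `device` can be NULL.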
>
> This adds the check *after* the call to srp_send_tsk_mgmt() -- which is
> where scmnd->device will be dereferenced. So how does this fix the bug?
I made a mistake while preparing and posting the patch. The check
should have been inserted before the call to srp_send_tsk_mgmt() of
course.
Bart.