[ofa-general] Re: sg_reset can trigger a NULL pointer dereference in the SRP initiator
Roland Dreier
rdreier at cisco.com
Thu Aug 6 10:41:03 PDT 2009
> Specifically scmnd->host_scribble can just be Zero.
I see at last, thanks!
The issue is that SRP is using host_scribble to hold an index, and index
0 is valid for us.
I guess the fix is a bit complex, but basically we should use
host_scribble to point to the request, and if we don't find a request in
reset_device we should allocate one.
It's a bit unfortunate that the SCSI midlayer bypasses queueing for the
device reset command, because it means we may not have a slot in our
queue for the reset request, etc., but I suppose that's even more involved
to fix.
- R.
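
A user-space C model of the ambiguity discussed in this message, added here as an illustration; it is not code from the SRP initiator or from the original thread. Only the field name `host_scribble` comes from the message; `struct cmd`, `struct req`, `ring` and every function name are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RING_SIZE 4
struct cmd { void *host_scribble; };            /* per-command scratch field */
struct req { struct cmd *owner; int in_use; };  /* hypothetical request slot */

struct req ring[RING_SIZE];

void ring_clear(void) { memset(ring, 0, sizeof ring); }

/* Index encoding: the slot number is stored in the pointer field. */
void queue_by_index(struct cmd *c, int slot) {
    ring[slot].owner = c; ring[slot].in_use = 1;
    c->host_scribble = (void *)(uintptr_t)slot;
}

/* A command that was never queued has host_scribble == 0, which decodes to
 * slot 0: either another command's request or an empty slot. */
struct req *find_by_index(struct cmd *c) {
    return &ring[(uintptr_t)c->host_scribble];
}

/* Pointer encoding: NULL now means "no request", and ownership is checked. */
void queue_by_pointer(struct cmd *c, int slot) {
    ring[slot].owner = c; ring[slot].in_use = 1;
    c->host_scribble = &ring[slot];
}

struct req *find_by_pointer(struct cmd *c) {
    struct req *r = c->host_scribble;
    return (r && r->owner == c) ? r : NULL;
}

/* Reset path: use the command's request if it has one, else allocate a slot. */
struct req *req_for_reset(struct cmd *c) {
    struct req *r = find_by_pointer(c);
    if (r) return r;
    for (int i = 0; i < RING_SIZE; i++)
        if (!ring[i].in_use) { queue_by_pointer(c, i); return &ring[i]; }
    return NULL;  /* ring full: the caller has to fail the reset */
}

int main(void) {
    struct cmd queued = {0}, reset = {0};
    queue_by_index(&queued, 0);
    return find_by_index(&reset)->owner == &queued ? 0 : 1;
}
```

The `NULL` return from `req_for_reset` corresponds to the case where no slot is left in the queue for the reset request.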