aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVasu Dev <vasu.dev@intel.com>2010-02-16 15:15:18 -0500
committerJames Bottomley <James.Bottomley@suse.de>2010-02-17 18:43:34 -0500
commitbe88d3b26897e3e942f2f36ad3d0ffbe002c0088 (patch)
tree6c815aca8a78df980e9dafaa7cecf3a6ba5af33f
parent5fceef1f357e1b3485363e6e240369fc8cbee173 (diff)
[SCSI] libfc: call ddp setup for only FCP reads to avoid accessing junk fsp pointer
Adds check to call fc_fcp_ddp_setup for only FCP read cmds to avoid accessing junk fsp pointer at least in ESX since non FCP frame had junk fsp value, though fsp is implicitly initialized to null by __alloc_skb but with this patch no more relying on fsp initialized to null value and hitting junk fsp ptr access. Removes fsp pointer checking in fc_fcp_ddp_setup as this is not needed any more since its only caller for FCP read will always have a valid fsp. Reported by: Frank Zhang <frank_1.zhang@intel.com> Reported by: Rob Love <robert.w.love@intel.com> Signed-off-by: Vasu Dev <vasu.dev@intel.com> Signed-off-by: Robert Love <robert.w.love@intel.com> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
-rw-r--r--drivers/scsi/libfc/fc_exch.c2
-rw-r--r--drivers/scsi/libfc/fc_fcp.c3
2 files changed, 1 insertions, 4 deletions
diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c
index 19d711cb938c..7f4364770e4a 100644
--- a/drivers/scsi/libfc/fc_exch.c
+++ b/drivers/scsi/libfc/fc_exch.c
@@ -1890,7 +1890,7 @@ static struct fc_seq *fc_exch_seq_send(struct fc_lport *lport,
1890 fc_exch_setup_hdr(ep, fp, ep->f_ctl); 1890 fc_exch_setup_hdr(ep, fp, ep->f_ctl);
1891 sp->cnt++; 1891 sp->cnt++;
1892 1892
1893 if (ep->xid <= lport->lro_xid) 1893 if (ep->xid <= lport->lro_xid && fh->fh_r_ctl == FC_RCTL_DD_UNSOL_CMD)
1894 fc_fcp_ddp_setup(fr_fsp(fp), ep->xid); 1894 fc_fcp_ddp_setup(fr_fsp(fp), ep->xid);
1895 1895
1896 if (unlikely(lport->tt.frame_send(lport, fp))) 1896 if (unlikely(lport->tt.frame_send(lport, fp)))
diff --git a/drivers/scsi/libfc/fc_fcp.c b/drivers/scsi/libfc/fc_fcp.c
index 881d5dfe8c74..6fde2fabfd9b 100644
--- a/drivers/scsi/libfc/fc_fcp.c
+++ b/drivers/scsi/libfc/fc_fcp.c
@@ -298,9 +298,6 @@ void fc_fcp_ddp_setup(struct fc_fcp_pkt *fsp, u16 xid)
298{ 298{
299 struct fc_lport *lport; 299 struct fc_lport *lport;
300 300
301 if (!fsp)
302 return;
303
304 lport = fsp->lp; 301 lport = fsp->lp;
305 if ((fsp->req_flags & FC_SRB_READ) && 302 if ((fsp->req_flags & FC_SRB_READ) &&
306 (lport->lro_enabled) && (lport->tt.ddp_setup)) { 303 (lport->lro_enabled) && (lport->tt.ddp_setup)) {