Message ID | 20190314063100.12805-1-kjlu@umn.edu (mailing list archive) |
---|---|
State | Mainlined |
Commit | fba1bdd2a9a93f3e2181ec1936a3c2f6b37e7ed6 |
Headers | show |
Series | scsi: qla4xxx: fix a potential NULL pointer dereference | expand |
On 3/14/19 1:30 AM, Kangjie Lu wrote: > In case iscsi_lookup_endpoint fails, the fix returns -EINVAL to > avoid NULL pointer dereference. > > Signed-off-by: Kangjie Lu <kjlu@umn.edu> > --- > drivers/scsi/qla4xxx/ql4_os.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c > index a77bfb224248..80289c885c07 100644 > --- a/drivers/scsi/qla4xxx/ql4_os.c > +++ b/drivers/scsi/qla4xxx/ql4_os.c > @@ -3203,6 +3203,8 @@ static int qla4xxx_conn_bind(struct iscsi_cls_session *cls_session, > if (iscsi_conn_bind(cls_session, cls_conn, is_leading)) > return -EINVAL; > ep = iscsi_lookup_endpoint(transport_fd); > + if (!ep) > + return -EINVAL; > conn = cls_conn->dd_data; > qla_conn = conn->dd_data; > qla_conn->qla_ep = ep->dd_data; Gentle reminder, could someone please review this ?
> -----Original Message----- > From: linux-scsi-owner@vger.kernel.org <linux-scsi- > owner@vger.kernel.org> On Behalf Of Kangjie Lu > Sent: Thursday, March 14, 2019 12:01 PM > To: kjlu@umn.edu > Cc: pakki001@umn.edu; QLogic-Storage-Upstream@qlogic.com; James E.J. > Bottomley <jejb@linux.ibm.com>; Martin K. Petersen > <martin.petersen@oracle.com>; linux-scsi@vger.kernel.org; linux- > kernel@vger.kernel.org > Subject: [PATCH] scsi: qla4xxx: fix a potential NULL pointer dereference > > In case iscsi_lookup_endpoint fails, the fix returns -EINVAL to avoid NULL > pointer dereference. > > Signed-off-by: Kangjie Lu <kjlu@umn.edu> > --- > drivers/scsi/qla4xxx/ql4_os.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c > index a77bfb224248..80289c885c07 100644 > --- a/drivers/scsi/qla4xxx/ql4_os.c > +++ b/drivers/scsi/qla4xxx/ql4_os.c > @@ -3203,6 +3203,8 @@ static int qla4xxx_conn_bind(struct > iscsi_cls_session *cls_session, > if (iscsi_conn_bind(cls_session, cls_conn, is_leading)) > return -EINVAL; > ep = iscsi_lookup_endpoint(transport_fd); > + if (!ep) > + return -EINVAL; > conn = cls_conn->dd_data; > qla_conn = conn->dd_data; > qla_conn->qla_ep = ep->dd_data; > -- > 2.17.1 Thanks Acked-by: Manish Rangankar <mrangankar@marvell.com>
Kangjie, > In case iscsi_lookup_endpoint fails, the fix returns -EINVAL to avoid > NULL pointer dereference. Applied to 5.1/scsi-fixes, thanks.
diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c index a77bfb224248..80289c885c07 100644 --- a/drivers/scsi/qla4xxx/ql4_os.c +++ b/drivers/scsi/qla4xxx/ql4_os.c @@ -3203,6 +3203,8 @@ static int qla4xxx_conn_bind(struct iscsi_cls_session *cls_session, if (iscsi_conn_bind(cls_session, cls_conn, is_leading)) return -EINVAL; ep = iscsi_lookup_endpoint(transport_fd); + if (!ep) + return -EINVAL; conn = cls_conn->dd_data; qla_conn = conn->dd_data; qla_conn->qla_ep = ep->dd_data;
In case iscsi_lookup_endpoint fails, the fix returns -EINVAL to avoid NULL pointer dereference. Signed-off-by: Kangjie Lu <kjlu@umn.edu> --- drivers/scsi/qla4xxx/ql4_os.c | 2 ++ 1 file changed, 2 insertions(+)