| From 07973e9c959ba7bd73fdb564462bc9a7a5070da5 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Wed, 29 Aug 2018 11:38:16 -0400 |
| Subject: scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() |
| |
| From: George Kennedy <george.kennedy@oracle.com> |
| |
| [ Upstream commit 288315e95264b6355e26609e9dec5dc4563d4ab0 ] |
| |
| sym_int_sir() in sym_hipd.c does not check the command pointer for NULL before |
| using it in debug message prints. |
| |
| Suggested-by: Matthew Wilcox <matthew.wilcox@oracle.com> |
| Signed-off-by: George Kennedy <george.kennedy@oracle.com> |
| Reviewed-by: Mark Kanda <mark.kanda@oracle.com> |
| Acked-by: Matthew Wilcox <matthew.wilcox@oracle.com> |
| Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/scsi/sym53c8xx_2/sym_hipd.c | 15 +++++++++++---- |
| 1 file changed, 11 insertions(+), 4 deletions(-) |
| |
| diff --git a/drivers/scsi/sym53c8xx_2/sym_hipd.c b/drivers/scsi/sym53c8xx_2/sym_hipd.c |
| index bd3f6e2d68344..0a2a54517b151 100644 |
| --- a/drivers/scsi/sym53c8xx_2/sym_hipd.c |
| +++ b/drivers/scsi/sym53c8xx_2/sym_hipd.c |
| @@ -4370,6 +4370,13 @@ static void sym_nego_rejected(struct sym_hcb *np, struct sym_tcb *tp, struct sym |
| OUTB(np, HS_PRT, HS_BUSY); |
| } |
| |
| +#define sym_printk(lvl, tp, cp, fmt, v...) do { \ |
| + if (cp) \ |
| + scmd_printk(lvl, cp->cmd, fmt, ##v); \ |
| + else \ |
| + starget_printk(lvl, tp->starget, fmt, ##v); \ |
| +} while (0) |
| + |
| /* |
| * chip exception handler for programmed interrupts. |
| */ |
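Review bot: The fallback branch of `sym_printk` dereferences `tp->starget` with no check, so the macro only removes the NULL `cp` dereference if every caller passes a `tp` whose `starget` is set. That cannot be confirmed from this patch, because `tp` is assigned in `sym_int_sir()` outside the shown hunks, and it is worth verifying for the reselection error paths that now use the macro. The macro body also uses its arguments unparenthesized and evaluates `cp` twice; `scmd_printk(lvl, (cp)->cmd, fmt, ##v);` and `starget_printk(lvl, (tp)->starget, fmt, ##v);` would be the safer spelling. A short comment above the macro, such as `/* cp may be NULL in sym_int_sir(); log against the target instead of dereferencing it */`, would record why the fallback exists.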
| @@ -4415,7 +4422,7 @@ static void sym_int_sir(struct sym_hcb *np) |
| * been selected with ATN. We do not want to handle that. |
| */ |
| case SIR_SEL_ATN_NO_MSG_OUT: |
| - scmd_printk(KERN_WARNING, cp->cmd, |
| + sym_printk(KERN_WARNING, tp, cp, |
| "No MSG OUT phase after selection with ATN\n"); |
| goto out_stuck; |
| /* |
| @@ -4423,7 +4430,7 @@ static void sym_int_sir(struct sym_hcb *np) |
| * having reselected the initiator. |
| */ |
| case SIR_RESEL_NO_MSG_IN: |
| - scmd_printk(KERN_WARNING, cp->cmd, |
| + sym_printk(KERN_WARNING, tp, cp, |
| "No MSG IN phase after reselection\n"); |
| goto out_stuck; |
| /* |
| @@ -4431,7 +4438,7 @@ static void sym_int_sir(struct sym_hcb *np) |
| * an IDENTIFY. |
| */ |
| case SIR_RESEL_NO_IDENTIFY: |
| - scmd_printk(KERN_WARNING, cp->cmd, |
| + sym_printk(KERN_WARNING, tp, cp, |
| "No IDENTIFY after reselection\n"); |
| goto out_stuck; |
| /* |
| @@ -4460,7 +4467,7 @@ static void sym_int_sir(struct sym_hcb *np) |
| case SIR_RESEL_ABORTED: |
| np->lastmsg = np->msgout[0]; |
| np->msgout[0] = M_NOOP; |
| - scmd_printk(KERN_WARNING, cp->cmd, |
| + sym_printk(KERN_WARNING, tp, cp, |
| "message %x sent on bad reselection\n", np->lastmsg); |
| goto out; |
| /* |
| -- |
| 2.20.1 |
| |