[SCSI] megaraid_sas: Fix instance access in megasas_reset_timer
The following patch for megaraid_sas will fix a potential bad pointer access in megasas_reset_timer(), when a MegaRAID 9265/9285 or 9360/9380 gets a timeout. megasas_build_io_fusion() sets SCp.ptr to be a struct megasas_cmd_fusion *, but then megasas_reset_timer() was casting SCp.ptr to be a struct megasas_cmd *, then trying to access cmd->instance, which is invalid. Just loading instance from scmd->device->host->hostdata in megasas_reset_timer() fixes the issue. Signed-off-by: Adam Radford <aradford@gmail.com> Cc: stable@kernel.org Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Родитель
fba63097b8
Коммит
f575c5d3eb
|
@ -1914,7 +1914,6 @@ static int megasas_generic_reset(struct scsi_cmnd *scmd)
|
||||||
static enum
|
static enum
|
||||||
blk_eh_timer_return megasas_reset_timer(struct scsi_cmnd *scmd)
|
blk_eh_timer_return megasas_reset_timer(struct scsi_cmnd *scmd)
|
||||||
{
|
{
|
||||||
struct megasas_cmd *cmd = (struct megasas_cmd *)scmd->SCp.ptr;
|
|
||||||
struct megasas_instance *instance;
|
struct megasas_instance *instance;
|
||||||
unsigned long flags;
|
unsigned long flags;
|
||||||
|
|
||||||
|
@ -1923,7 +1922,7 @@ blk_eh_timer_return megasas_reset_timer(struct scsi_cmnd *scmd)
|
||||||
return BLK_EH_NOT_HANDLED;
|
return BLK_EH_NOT_HANDLED;
|
||||||
}
|
}
|
||||||
|
|
||||||
instance = cmd->instance;
|
instance = (struct megasas_instance *)scmd->device->host->hostdata;
|
||||||
if (!(instance->flag & MEGASAS_FW_BUSY)) {
|
if (!(instance->flag & MEGASAS_FW_BUSY)) {
|
||||||
/* FW is busy, throttle IO */
|
/* FW is busy, throttle IO */
|
||||||
spin_lock_irqsave(instance->host->host_lock, flags);
|
spin_lock_irqsave(instance->host->host_lock, flags);
|
||||||
|
|
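Review bot: The new assignment `instance = (struct megasas_instance *)scmd->device->host->hostdata;` in the second hunk open-codes the host private-data lookup with a cast. The SCSI midlayer accessor would avoid the cast: `instance = shost_priv(scmd->device->host);`. Since the bug was a type confusion on `scmd->SCp.ptr`, which per the description holds a `struct megasas_cmd_fusion *` on fusion adapters, a short comment above the assignment would help keep the cast from being reintroduced, e.g. `/* SCp.ptr type depends on the adapter; always take instance from the host */`. Other places that cast `SCp.ptr` to `struct megasas_cmd *` are not visible here and are presumably worth auditing for the same mismatch. The body of megasas_reset_timer() continues outside both hunks.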