From d4042e9c84864a5666dc8ec14b3c1a5597b6a73f Mon Sep 17 00:00:00 2001 From: Bhanu Prakash Gollapudi Date: Fri, 10 Feb 2012 17:18:51 -0800 Subject: [PATCH] [SCSI] libfc: Fix panic in fc_exch_recv Adding and removing the host into the zone causes this panic. BUG: unable to handle kernel NULL pointer dereference at 00000000000000a0 IP: [] fc_exch_recv+0xc57/0xe70 [libfc] Call Trace: [] bnx2fc_l2_rcv_thread+0x37b/0x430 [bnx2fc] [] ? bnx2fc_l2_rcv_thread+0x0/0x430 [bnx2fc] [] kthread+0x96/0xa0 [] child_rip+0xa/0x20 [] ? kthread+0x0/0xa0 [] ? child_rip+0x0/0x20 During fc_exch_reset, the active exchanges are aborted and the exch is deleted. As part of processing ABTS response, due to 'ep' being NULL, any access to ep in fc_exch_recv_bls() causes this panic. Fixed to access 'ep' only if non-NULL. Reviewed-by: Neerav Parikh Signed-off-by: Bhanu Prakash Gollapudi Signed-off-by: Robert Love Signed-off-by: James Bottomley --- drivers/scsi/libfc/fc_exch.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c index 4d70d96fa5dc..630291f01826 100644 --- a/drivers/scsi/libfc/fc_exch.c +++ b/drivers/scsi/libfc/fc_exch.c @@ -1642,9 +1642,10 @@ static void fc_exch_recv_bls(struct fc_exch_mgr *mp, struct fc_frame *fp) case FC_RCTL_ACK_0: break; default: - FC_EXCH_DBG(ep, "BLS rctl %x - %s received", - fh->fh_r_ctl, - fc_exch_rctl_name(fh->fh_r_ctl)); + if (ep) + FC_EXCH_DBG(ep, "BLS rctl %x - %s received", + fh->fh_r_ctl, + fc_exch_rctl_name(fh->fh_r_ctl)); break; } fc_frame_free(fp);