[PATCH 03/14] qedf: Fix crash during sg_reset.

From: Saurav Kashyap <skashyap@marvell.com>
To: <martin.petersen@oracle.com>
Cc: <gbasrur@marvell.com>, <svernekar@marvell.com>,
	<linux-scsi@vger.kernel.org>
Subject: [PATCH 03/14] qedf: Fix crash during sg_reset.
Date: Fri, 23 Aug 2019 02:52:33 -0700	[thread overview]
Message-ID: <20190823095244.7830-4-skashyap@marvell.com> (raw)
In-Reply-To: <20190823095244.7830-1-skashyap@marvell.com>

From: Arun Easi <aeasi@marvell.com>

Driver was attempting to print cdb[0], which is not set for resets
coming from SCSI ioctls. Check for cmd_len before accessing cmnd.

Crash info:
[84790.864747] BUG: unable to handle kernel NULL pointer dereference at (null)
[84790.864783] IP: qedf_initiate_tmf+0x7a/0x6e0 [qedf]
[84790.865204] Call Trace:
[84790.865246]  scsi_try_target_reset+0x2b/0x90 [scsi_mod]
[84790.865266]  scsi_ioctl_reset+0x20f/0x2a0 [scsi_mod]
[84790.865284]  scsi_ioctl+0x131/0x3a0 [scsi_mod]

Signed-off-by: Arun Easi <aeasi@marvell.com>
Signed-off-by: Saurav Kashyap <skashyap@marvell.com>
---
 drivers/scsi/qedf/qedf_io.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index 5b42892..7377a53 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -2403,8 +2403,8 @@ int qedf_initiate_tmf(struct scsi_cmnd *sc_cmd, u8 tm_flags)
 
 	QEDF_ERR(NULL,
 		 "tm_flags 0x%x sc_cmd %p op = 0x%02x target_id = 0x%x lun=%d\n",
-		 tm_flags, sc_cmd, sc_cmd->cmnd[0], rport->scsi_target_id,
-		 (int)sc_cmd->device->lun);
+		 tm_flags, sc_cmd, sc_cmd->cmd_len ? sc_cmd->cmnd[0] : 0xff,
+		 rport->scsi_target_id, (int)sc_cmd->device->lun);
 
 	if (!rdata || !kref_get_unless_zero(&rdata->kref)) {
 		QEDF_ERR(NULL, "stale rport\n");
-- 
1.8.3.1

