Patchwork [Open-FCoE,04/13] libfc: Fix fc_exch_find()

login
register
mail settings
Submitter Bart Van Assche
Date Aug. 14, 2013, 7:34 a.m.
Message ID <520B32F9.2060709@acm.org>
Download mbox | patch
Permalink /patch/88/
State Superseded
Headers show

Comments

Bart Van Assche - Aug. 14, 2013, 7:34 a.m.
Avoid that fc_exch_find() can return a non-zero exchange pointer if
the exchange ID does not match. Found this by code inspection.

Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Cc: Robert Love <robert.w.love@intel.com>
Cc: Neil Horman <nhorman@tuxdriver.com>
---
 drivers/scsi/libfc/fc_exch.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Patch

diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c
index d0be52a..48f3293 100644
--- a/drivers/scsi/libfc/fc_exch.c
+++ b/drivers/scsi/libfc/fc_exch.c
@@ -836,8 +836,12 @@  static struct fc_exch *fc_exch_find(struct fc_exch_mgr *mp, u16 xid)
 		pool = per_cpu_ptr(mp->pool, xid & fc_cpu_mask);
 		spin_lock_bh(&pool->lock);
 		ep = fc_exch_ptr_get(pool, (xid - mp->min_xid) >> fc_cpu_order);
-		if (ep && ep->xid == xid)
-			fc_exch_hold(ep);
+		if (ep) {
+			if (ep->xid == xid)
+				fc_exch_hold(ep);
+			else
+				ep = NULL;
+		}
 		spin_unlock_bh(&pool->lock);
 	}
 	return ep;