scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID

An error case exit from lpfc_cmpl_ct_cmd_gft_id() results in a call to
lpfc_nlp_put() with a null pointer to a nodelist structure.

Changed lpfc_cmpl_ct_cmd_gft_id() to initialize nodelist pointer upon
entry.

Link: https://lore.kernel.org/r/20220819011736.14141-3-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/scsi/lpfc/lpfc_ct.c b/drivers/scsi/lpfc/lpfc_ct.c
index 13dfe28..b555ccb 100644 (file)
--- a/drivers/scsi/lpfc/lpfc_ct.c
+++ b/drivers/scsi/lpfc/lpfc_ct.c
@@ -1509,7 +1509,7 @@ lpfc_cmpl_ct_cmd_gft_id(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
        struct lpfc_sli_ct_request *CTrsp;
        int did;
        struct lpfc_nodelist *ndlp = NULL;
-       struct lpfc_nodelist *ns_ndlp = NULL;
+       struct lpfc_nodelist *ns_ndlp = cmdiocb->ndlp;
        uint32_t fc4_data_0, fc4_data_1;
        u32 ulp_status = get_job_ulpstatus(phba, rspiocb);
        u32 ulp_word4 = get_job_word4(phba, rspiocb);
@@ -1522,15 +1522,12 @@ lpfc_cmpl_ct_cmd_gft_id(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
                              ulp_status, ulp_word4, did);
 
        /* Ignore response if link flipped after this request was made */
-       if ((uint32_t) cmdiocb->event_tag != phba->fc_eventTag) {
+       if ((uint32_t)cmdiocb->event_tag != phba->fc_eventTag) {
                lpfc_printf_vlog(vport, KERN_INFO, LOG_DISCOVERY,
                                 "9046 Event tag mismatch. Ignoring NS rsp\n");
                goto out;
        }
 
-       /* Preserve the nameserver node to release the reference. */
-       ns_ndlp = cmdiocb->ndlp;
-
        if (ulp_status == IOSTAT_SUCCESS) {
                /* Good status, continue checking */
                CTrsp = (struct lpfc_sli_ct_request *)outp->virt;