From: Christoph Hellwig <hch@lst.de>
Date: Thu, 7 Sep 2017 11:54:36 +0000 (+0200)
Subject: scsi: scsi_transport_fc: fix NULL pointer dereference in fc_bsg_job_timeout
X-Git-Tag: v4.14-rc4~1^2~17
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b468b6a4969f9bdddb31d484f151bfa03fbee767;p=platform%2Fkernel%2Flinux-exynos.git

scsi: scsi_transport_fc: fix NULL pointer dereference in fc_bsg_job_timeout

bsg-lib now embeddeds the job structure into the request, and
req->special can't be used anymore.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
---

diff --git a/drivers/scsi/scsi_transport_fc.c b/drivers/scsi/scsi_transport_fc.c
index 3c6bc00..ba9d70f 100644
--- a/drivers/scsi/scsi_transport_fc.c
+++ b/drivers/scsi/scsi_transport_fc.c
@@ -3571,7 +3571,7 @@ fc_vport_sched_delete(struct work_struct *work)
 static enum blk_eh_timer_return
 fc_bsg_job_timeout(struct request *req)
 {
-	struct bsg_job *job = (void *) req->special;
+	struct bsg_job *job = blk_mq_rq_to_pdu(req);
 	struct Scsi_Host *shost = fc_bsg_to_shost(job);
 	struct fc_rport *rport = fc_bsg_to_rport(job);
 	struct fc_internal *i = to_fc_internal(shost->transportt);