From: Christoph Hellwig <hch@lst.de>
Date: Thu, 7 Sep 2017 11:54:36 +0000 (+0200)
Subject: scsi: scsi_transport_fc: fix NULL pointer dereference in fc_bsg_job_timeout
X-Git-Tag: v4.13.5~100
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=7bcaa27f339f9b85f9d78740fd2490e76e8646fc;p=users%2Fdwmw2%2Flinux.git

scsi: scsi_transport_fc: fix NULL pointer dereference in fc_bsg_job_timeout

commit b468b6a4969f9bdddb31d484f151bfa03fbee767 upstream.

bsg-lib now embeddeds the job structure into the request, and
req->special can't be used anymore.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/scsi/scsi_transport_fc.c b/drivers/scsi/scsi_transport_fc.c
index 892fbd9800d98..bea06de608278 100644
--- a/drivers/scsi/scsi_transport_fc.c
+++ b/drivers/scsi/scsi_transport_fc.c
@@ -3550,7 +3550,7 @@ fc_vport_sched_delete(struct work_struct *work)
 static enum blk_eh_timer_return
 fc_bsg_job_timeout(struct request *req)
 {
-	struct bsg_job *job = (void *) req->special;
+	struct bsg_job *job = blk_mq_rq_to_pdu(req);
 	struct Scsi_Host *shost = fc_bsg_to_shost(job);
 	struct fc_rport *rport = fc_bsg_to_rport(job);
 	struct fc_internal *i = to_fc_internal(shost->transportt);