scsi: qedi: Fix null ref during abort handling

[ Upstream commit 5777b7f0f03ce49372203b6521631f62f2810c8f ]

If qedi_process_cmd_cleanup_resp finds the cmd it frees the work and sets
list_tmf_work to NULL, so qedi_tmf_work should check if list_tmf_work is
non-NULL when it wants to force cleanup.

Link: https://lore.kernel.org/r/20210525181821.7617-20-michael.christie@oracle.com
Reviewed-by: Manish Rangankar <mrangankar@marvell.com>
Signed-off-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/scsi/qedi/qedi_fw.c b/drivers/scsi/qedi/qedi_fw.c
index e8f2c662471e0187ea1b3c371ba21e8fb9f7e7e8..662444bb67f6c1c813861379fad169436b426f80 100644 (file)
--- a/drivers/scsi/qedi/qedi_fw.c
+++ b/drivers/scsi/qedi/qedi_fw.c
@@ -1474,7 +1474,7 @@ static void qedi_tmf_work(struct work_struct *work)
 
 ldel_exit:
        spin_lock_bh(&qedi_conn->tmf_work_lock);
-       if (!qedi_cmd->list_tmf_work) {
+       if (qedi_cmd->list_tmf_work) {
                list_del_init(&list_work->list);
                qedi_cmd->list_tmf_work = NULL;
                kfree(list_work);