From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
To: John Garry <john.garry@huawei.com>,
"James E.J. Bottomley" <jejb@linux.vnet.ibm.com>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
Xiang Chen <chenxiang66@hisilicon.com>
Cc: linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>
Subject: [PATCH] scsi: hisi_sas: Fix NULL pointer dereference
Date: Thu, 18 Oct 2018 18:41:16 +0200
Message-ID: <20181018164116.GA24330@embeddedor.com>

There is a NULL pointer dereference in case *slot* happens to
be NULL at line 1878:

	struct hisi_sas_cq *cq =
		&hisi_hba->cq[slot->dlvry_queue];

Notice that *slot* is being NULL checked at line 1881: if (slot),
which implies it may be NULL.

Fix this by placing the declaration and definition of variable cq,
which contains the pointer dereference slot->dlvry_queue, after
*slot* has been properly NULL checked.

Addresses-Coverity-ID: 1474515 ("Dereference before null check")
Fixes: 584f53fe5f52 ("scsi: hisi_sas: Fix the race between IO completion and timeout for SMP/internal IO")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
---
drivers/scsi/hisi_sas/hisi_sas_main.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/hisi_sas/hisi_sas_main.c b/drivers/scsi/hisi_sas/hisi_sas_main.c
index 2e5eaf1..e3f7c7b 100644
--- a/drivers/scsi/hisi_sas/hisi_sas_main.c
+++ b/drivers/scsi/hisi_sas/hisi_sas_main.c
@@ -1875,10 +1875,10 @@ hisi_sas_internal_task_abort(struct hisi_hba *hisi_hba,
if ((task->task_state_flags & SAS_TASK_STATE_ABORTED)) {
if (!(task->task_state_flags & SAS_TASK_STATE_DONE)) {
struct hisi_sas_slot *slot = task->lldd_task;
- struct hisi_sas_cq *cq =
- &hisi_hba->cq[slot->dlvry_queue];
if (slot) {
+ struct hisi_sas_cq *cq =
+ &hisi_hba->cq[slot->dlvry_queue];
/*
* flush tasklet to avoid free'ing task
* before using task in IO completion
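Review bot: the relocated declaration of cq at the top of the if (slot) block runs straight into the "flush tasklet" comment with no blank line between them; kernel style separates declarations from the statements that follow, so add an empty line after `&hisi_hba->cq[slot->dlvry_queue];`. Moving the initializer under the NULL check does remove the dereference-before-check on slot, but cq is now scoped to that block and the hunk ends before the block's closing brace, so please confirm that every use of cq sits inside if (slot).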
--
2.7.4