* [patch] pm8001: potential null dereference in
@ 2010-04-23 12:01 Dan Carpenter
2010-04-23 12:16 ` [patch] pm8001: potential null dereference inpm8001_dev_gone_notify() jack wang
0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2010-04-23 12:01 UTC (permalink / raw)
To: jack_wang
Cc: lindar_liu, James E.J. Bottomley, Tom Peng, Jiri Kosina,
linux-scsi, kernel-janitors
In the original code we dereferenced "pm8001_dev" before checking if it
was null. This patch moves the dereference inside the condition.
This was found by a static checker (smatch). I looked, but I couldn't
tell if "pm8001_dev" dev was ever actually null. The approach in this
patch seemed like the safest response.
Signed-off-by: Dan Carpenter <error27@gmail.com>
diff --git a/drivers/scsi/pm8001/pm8001_sas.c b/drivers/scsi/pm8001/pm8001_sas.c
index bff4f51..cd02cea 100644
--- a/drivers/scsi/pm8001/pm8001_sas.c
+++ b/drivers/scsi/pm8001/pm8001_sas.c
@@ -885,11 +885,13 @@ static void pm8001_dev_gone_notify(struct domain_device *dev)
u32 tag;
struct pm8001_hba_info *pm8001_ha;
struct pm8001_device *pm8001_dev = dev->lldd_dev;
- u32 device_id = pm8001_dev->device_id;
+
pm8001_ha = pm8001_find_ha_by_dev(dev);
spin_lock_irqsave(&pm8001_ha->lock, flags);
pm8001_tag_alloc(pm8001_ha, &tag);
if (pm8001_dev) {
+ u32 device_id = pm8001_dev->device_id;
+
PM8001_DISC_DBG(pm8001_ha,
pm8001_printk("found dev[%d:%x] is gone.\n",
pm8001_dev->device_id, pm8001_dev->dev_type));
^ permalink raw reply related [flat|nested] 2+ messages in thread
* RE: [patch] pm8001: potential null dereference inpm8001_dev_gone_notify()
2010-04-23 12:01 [patch] pm8001: potential null dereference in Dan Carpenter
@ 2010-04-23 12:16 ` jack wang
0 siblings, 0 replies; 2+ messages in thread
From: jack wang @ 2010-04-23 12:16 UTC (permalink / raw)
To: 'Dan Carpenter'
Cc: lindar_liu, 'James E.J. Bottomley', 'Tom Peng',
'Jiri Kosina', linux-scsi, kernel-janitors
In the original code we dereferenced "pm8001_dev" before checking if it
was null. This patch moves the dereference inside the condition.
This was found by a static checker (smatch). I looked, but I couldn't
tell if "pm8001_dev" dev was ever actually null. The approach in this
patch seemed like the safest response.
Signed-off-by: Dan Carpenter <error27@gmail.com>
diff --git a/drivers/scsi/pm8001/pm8001_sas.c
b/drivers/scsi/pm8001/pm8001_sas.c
index bff4f51..cd02cea 100644
--- a/drivers/scsi/pm8001/pm8001_sas.c
+++ b/drivers/scsi/pm8001/pm8001_sas.c
@@ -885,11 +885,13 @@ static void pm8001_dev_gone_notify(struct
domain_device *dev)
u32 tag;
struct pm8001_hba_info *pm8001_ha;
struct pm8001_device *pm8001_dev = dev->lldd_dev;
- u32 device_id = pm8001_dev->device_id;
+
pm8001_ha = pm8001_find_ha_by_dev(dev);
spin_lock_irqsave(&pm8001_ha->lock, flags);
pm8001_tag_alloc(pm8001_ha, &tag);
if (pm8001_dev) {
+ u32 device_id = pm8001_dev->device_id;
+
PM8001_DISC_DBG(pm8001_ha,
pm8001_printk("found dev[%d:%x] is gone.\n",
pm8001_dev->device_id, pm8001_dev->dev_type));
[Jack] Acked-by: Jack Wang <jack_wang@usish.com>
Thanks!
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-04-23 12:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-04-23 12:01 [patch] pm8001: potential null dereference in Dan Carpenter
2010-04-23 12:16 ` [patch] pm8001: potential null dereference inpm8001_dev_gone_notify() jack wang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox