* qla2xxx: NULL deref in qla_tgt_abort_task()
@ 2012-03-13 17:21 Dan Carpenter
2012-03-15 23:24 ` Nicholas A. Bellinger
0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2012-03-13 17:21 UTC (permalink / raw)
To: nab; +Cc: linux-scsi, linux-driver
Hello Nicholas,
This is a semi-automatic email about new static checker warnings.
The patch 962f988d031f: "qla2xxx: Add LLD target-mode infrastructure
for >= 24xx series" from Mar 8, 2012, leads to the following Smatch
complaint:
drivers/scsi/qla2xxx/qla_target.c:2873 qla_tgt_abort_task()
error: we previously assumed 'sess' could be null (see line 2870)
drivers/scsi/qla2xxx/qla_target.c
2869 sess = ha->tgt_ops->find_sess_by_loop_id(vha, loop_id);
2870 if (sess == NULL) {
^^^^^^^^^^^^
Test.
2871 ql_dbg(ql_dbg_tgt_mgt, vha, 0xe129, "qla_target(%d): task abort for unexisting "
2872 "session\n", vha->vp_idx);
2873 res = qla_tgt_sched_sess_work(sess->tgt, QLA_TGT_SESS_WORK_ABORT,
^^^^^^^^^
NULL dereference.
2874 iocb, sizeof(*iocb));
2875 if (res != 0)
regards,
dan carpenter
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: qla2xxx: NULL deref in qla_tgt_abort_task()
2012-03-13 17:21 qla2xxx: NULL deref in qla_tgt_abort_task() Dan Carpenter
@ 2012-03-15 23:24 ` Nicholas A. Bellinger
0 siblings, 0 replies; 2+ messages in thread
From: Nicholas A. Bellinger @ 2012-03-15 23:24 UTC (permalink / raw)
To: Dan Carpenter
Cc: linux-scsi, linux-driver, Andrew Vasquez, Giridhar Malavali,
target-devel
On Tue, 2012-03-13 at 20:21 +0300, Dan Carpenter wrote:
> Hello Nicholas,
>
> This is a semi-automatic email about new static checker warnings.
>
> The patch 962f988d031f: "qla2xxx: Add LLD target-mode infrastructure
> for >= 24xx series" from Mar 8, 2012, leads to the following Smatch
> complaint:
>
> drivers/scsi/qla2xxx/qla_target.c:2873 qla_tgt_abort_task()
> error: we previously assumed 'sess' could be null (see line 2870)
>
> drivers/scsi/qla2xxx/qla_target.c
> 2869 sess = ha->tgt_ops->find_sess_by_loop_id(vha, loop_id);
> 2870 if (sess == NULL) {
> ^^^^^^^^^^^^
> Test.
>
> 2871 ql_dbg(ql_dbg_tgt_mgt, vha, 0xe129, "qla_target(%d): task abort for unexisting "
> 2872 "session\n", vha->vp_idx);
> 2873 res = qla_tgt_sched_sess_work(sess->tgt, QLA_TGT_SESS_WORK_ABORT,
> ^^^^^^^^^
> NULL dereference.
>
> 2874 iocb, sizeof(*iocb));
> 2875 if (res != 0)
>
Should be using qla_hw_data->qla_tgt instead of sess->tgt..
Applying the following patch.
Thanks again DanC!
--nab
diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c
index 2af075b..7210b28 100644
--- a/drivers/scsi/qla2xxx/qla_target.c
+++ b/drivers/scsi/qla2xxx/qla_target.c
@@ -2857,7 +2857,7 @@ static int qla_tgt_abort_task(struct scsi_qla_host *vha, imm_ntfy_from_isp_t *io
if (sess == NULL) {
ql_dbg(ql_dbg_tgt_mgt, vha, 0xe129, "qla_target(%d): task abort for unexisting "
"session\n", vha->vp_idx);
- res = qla_tgt_sched_sess_work(sess->tgt, QLA_TGT_SESS_WORK_ABORT,
+ res = qla_tgt_sched_sess_work(ha->qla_tgt, QLA_TGT_SESS_WORK_ABORT,
iocb, sizeof(*iocb));
if (res != 0)
sess->tgt->tm_to_unknown = 1;
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-03-15 23:24 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-03-13 17:21 qla2xxx: NULL deref in qla_tgt_abort_task() Dan Carpenter
2012-03-15 23:24 ` Nicholas A. Bellinger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox