From: Dan Carpenter <dan.carpenter@oracle.com>
To: anil_ravindranath@pmc-sierra.com
Cc: linux-scsi@vger.kernel.org
Subject: re: [SCSI] pmcraid: PMC-Sierra MaxRAID driver to support 6Gb/s SAS RAID controller
Date: Tue, 6 Jan 2015 12:53:08 +0300 [thread overview]
Message-ID: <20150106095308.GA8698@mwanda> (raw)
(Sorry, this code is really old, and normally I wouldn't report it but
I'm making a tutorial).
Hello Anil Ravindranath,
The patch 89a368104150: "[SCSI] pmcraid: PMC-Sierra MaxRAID driver to
support 6Gb/s SAS RAID controller" from Aug 25, 2009, leads to the
following static checker warning:
drivers/scsi/pmcraid.c:3860 pmcraid_ioctl_passthrough()
error: potential NULL dereference 'cmd->scsi_cmd'.
drivers/scsi/pmcraid.c
3764 cmd->scsi_cmd = NULL;
^^^^^^^^^^^^^^^^^^^^
We set this to NULL here.
3765 ioarcb = &(cmd->ioa_cb->ioarcb);
3766
3767 /* Copy the user-provided IOARCB stuff field by field */
3768 ioarcb->resource_handle = buffer->ioarcb.resource_handle;
3769 ioarcb->data_transfer_length = buffer->ioarcb.data_transfer_length;
3770 ioarcb->cmd_timeout = buffer->ioarcb.cmd_timeout;
3771 ioarcb->request_type = buffer->ioarcb.request_type;
3772 ioarcb->request_flags0 = buffer->ioarcb.request_flags0;
3773 ioarcb->request_flags1 = buffer->ioarcb.request_flags1;
3774 memcpy(ioarcb->cdb, buffer->ioarcb.cdb, PMCRAID_MAX_CDB_LEN);
3775
3776 if (buffer->ioarcb.add_cmd_param_length) {
3777 ioarcb->add_cmd_param_length =
3778 buffer->ioarcb.add_cmd_param_length;
3779 ioarcb->add_cmd_param_offset =
3780 buffer->ioarcb.add_cmd_param_offset;
3781 memcpy(ioarcb->add_data.u.add_cmd_params,
3782 buffer->ioarcb.add_data.u.add_cmd_params,
3783 buffer->ioarcb.add_cmd_param_length);
3784 }
3785
3786 /* set hrrq number where the IOA should respond to. Note that all cmds
3787 * generated internally uses hrrq_id 0, exception to this is the cmd
3788 * block of scsi_cmd which is re-used (e.g. cancel/abort), which uses
3789 * hrrq_id assigned here in queuecommand
3790 */
3791 ioarcb->hrrq_id = atomic_add_return(1, &(pinstance->last_message_id)) %
3792 pinstance->num_hrrq;
3793
[ snip ]
3857 cmd->ioa_cb->ioarcb.cdb[0]);
3858
3859 spin_lock_irqsave(pinstance->host->host_lock, lock_flags);
3860 cancel_cmd = pmcraid_abort_cmd(cmd);
^^^^^^^^^^^^^^^^^^^^^^
This will Oops because cmd->scsi_cmd is NULL.
3861 spin_unlock_irqrestore(pinstance->host->host_lock, lock_flags);
3862
3863 if (cancel_cmd) {
regards,
dan carpenter
next reply other threads:[~2015-01-06 9:53 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-06 9:53 Dan Carpenter [this message]
-- strict thread matches above, loose matches on Subject: below --
2016-01-29 10:39 [SCSI] pmcraid: PMC-Sierra MaxRAID driver to support 6Gb/s SAS RAID controller Dan Carpenter
2018-10-04 8:28 Colin Ian King
2018-10-04 11:48 ` John Garry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150106095308.GA8698@mwanda \
--to=dan.carpenter@oracle.com \
--cc=anil_ravindranath@pmc-sierra.com \
--cc=linux-scsi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).