From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752591AbdK0Nwl (ORCPT ); Mon, 27 Nov 2017 08:52:41 -0500 Received: from gateway20.websitewelcome.com ([192.185.65.13]:36659 "EHLO gateway20.websitewelcome.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752187AbdK0Nwk (ORCPT ); Mon, 27 Nov 2017 08:52:40 -0500 Date: Mon, 27 Nov 2017 07:52:30 -0600 From: "Gustavo A. R. Silva" To: James Smart , Dick Kennedy , "James E.J. Bottomley" , "Martin K. Petersen" Cc: linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org, "Gustavo A. R. Silva" Subject: [PATCH] scsi: lpfc: Fix potential NULL pointer dereference in lpfc_nvme_fcp_io_submit Message-ID: <20171127135230.GA4546@embeddedor.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - gator4166.hostgator.com X-AntiAbuse: Original Domain - vger.kernel.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - embeddedor.com X-BWhitelist: no X-Source-IP: 189.175.122.225 X-Source-L: No X-Exim-ID: 1eJJpu-0035Yc-1q X-Source: X-Source-Args: X-Source-Dir: X-Source-Sender: (embeddedor) [189.175.122.225]:45866 X-Source-Auth: garsilva@embeddedor.com X-Email-Count: 6 X-Source-Cap: Z3V6aWRpbmU7Z3V6aWRpbmU7Z2F0b3I0MTY2Lmhvc3RnYXRvci5jb20= X-Local-Domain: yes Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org pnvme_lport is being dereferenced before it is null checked, hence there is a potential null pointer dereference. Fix this by null checking pnvme_lport before it is dereferenced. Addresses-Coverity-ID: 1423709 ("Dereference before null check") Fixes: b7672ae681f8 ("scsi: lpfc: Fix crash in lpfc_nvme_fcp_io_submit during LIP") Signed-off-by: Gustavo A. R. Silva --- Also, I wonder if the right pointer to check at line: if (!pnvme_rport || !freqpriv) { is pnvme_fcreq instead of freqpriv drivers/scsi/lpfc/lpfc_nvme.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/lpfc/lpfc_nvme.c b/drivers/scsi/lpfc/lpfc_nvme.c index 517ae57..68cba7d 100644 --- a/drivers/scsi/lpfc/lpfc_nvme.c +++ b/drivers/scsi/lpfc/lpfc_nvme.c @@ -1251,6 +1251,11 @@ lpfc_nvme_fcp_io_submit(struct nvme_fc_local_port *pnvme_lport, uint64_t start = 0; #endif + if (!pnvme_lport) { + ret = -ENODEV; + goto out_fail; + } + lport = (struct lpfc_nvme_lport *)pnvme_lport->private; vport = lport->vport; phba = vport->phba; @@ -1261,7 +1266,7 @@ lpfc_nvme_fcp_io_submit(struct nvme_fc_local_port *pnvme_lport, } /* Validate pointers. */ - if (!pnvme_lport || !pnvme_rport || !freqpriv) { + if (!pnvme_rport || !freqpriv) { lpfc_printf_vlog(vport, KERN_INFO, LOG_NVME_IOERR | LOG_NODE, "6117 No Send:IO submit ptrs NULL, lport %p, " "rport %p fcreq_priv %p\n", -- 2.7.4