[PATCH AUTOSEL 4.4 20/37] scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: James Smart <jsmart2021@gmail.com>,
	coverity-bot <keescook+coverity-bot@chromium.org>,
	James Bottomley <James.Bottomley@SteelEye.com>,
	"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
	linux-next@vger.kernel.org, "Ewan D . Milne" <emilne@redhat.com>,
	Dick Kennedy <dick.kennedy@broadcom.com>,
	"Martin K . Petersen" <martin.petersen@oracle.com>,
	Sasha Levin <sashal@kernel.org>,
	linux-scsi@vger.kernel.org
Subject: [PATCH AUTOSEL 4.4 20/37] scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences
Date: Wed, 11 Dec 2019 10:37:56 -0500	[thread overview]
Message-ID: <20191211153813.24126-20-sashal@kernel.org> (raw)
In-Reply-To: <20191211153813.24126-1-sashal@kernel.org>

From: James Smart <jsmart2021@gmail.com>

[ Upstream commit 6c6d59e0fe5b86cf273d6d744a6a9768c4ecc756 ]

Coverity reported the following:

*** CID 101747:  Null pointer dereferences  (FORWARD_NULL)
/drivers/scsi/lpfc/lpfc_els.c: 4439 in lpfc_cmpl_els_rsp()
4433     			kfree(mp);
4434     		}
4435     		mempool_free(mbox, phba->mbox_mem_pool);
4436     	}
4437     out:
4438     	if (ndlp && NLP_CHK_NODE_ACT(ndlp)) {
vvv     CID 101747:  Null pointer dereferences  (FORWARD_NULL)
vvv     Dereferencing null pointer "shost".
4439     		spin_lock_irq(shost->host_lock);
4440     		ndlp->nlp_flag &= ~(NLP_ACC_REGLOGIN | NLP_RM_DFLT_RPI);
4441     		spin_unlock_irq(shost->host_lock);
4442
4443     		/* If the node is not being used by another discovery thread,
4444     		 * and we are sending a reject, we are done with it.

Fix by adding a check for non-null shost in line 4438.
The scenario when shost is set to null is when ndlp is null.
As such, the ndlp check present was sufficient. But better safe
than sorry so add the shost check.

Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 101747 ("Null pointer dereferences")
Fixes: 2e0fef85e098 ("[SCSI] lpfc: NPIV: split ports")

CC: James Bottomley <James.Bottomley@SteelEye.com>
CC: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
CC: linux-next@vger.kernel.org
Link: https://lore.kernel.org/r/20191111230401.12958-3-jsmart2021@gmail.com
Reviewed-by: Ewan D. Milne <emilne@redhat.com>
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/lpfc/lpfc_els.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c
index 7ca8c2522c928..530b7df21322a 100644
--- a/drivers/scsi/lpfc/lpfc_els.c
+++ b/drivers/scsi/lpfc/lpfc_els.c
@@ -3839,7 +3839,7 @@ lpfc_cmpl_els_rsp(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
 		mempool_free(mbox, phba->mbox_mem_pool);
 	}
 out:
-	if (ndlp && NLP_CHK_NODE_ACT(ndlp)) {
+	if (ndlp && NLP_CHK_NODE_ACT(ndlp) && shost) {
 		spin_lock_irq(shost->host_lock);
 		ndlp->nlp_flag &= ~(NLP_ACC_REGLOGIN | NLP_RM_DFLT_RPI);
 		spin_unlock_irq(shost->host_lock);
-- 
2.20.1

next prev parent reply	other threads:[~2019-12-11 15:40 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-11 15:37 [PATCH AUTOSEL 4.4 01/37] scsi: mpt3sas: Fix clear pending bit in ioctl status Sasha Levin
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 02/37] scsi: lpfc: Fix locking on mailbox command completion Sasha Levin
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 03/37] Input: atmel_mxt_ts - disable IRQ across suspend Sasha Levin
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 04/37] iommu/tegra-smmu: Fix page tables in > 4 GiB memory Sasha Levin
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 05/37] scsi: target: compare full CHAP_A Algorithm strings Sasha Levin
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 06/37] scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices Sasha Levin
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 07/37] scsi: csiostor: Don't enable IRQs too early Sasha Levin
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 08/37] powerpc/pseries: Mark accumulate_stolen_time() as notrace Sasha Levin
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 09/37] dma-debug: add a schedule point in debug_dma_dump_mappings() Sasha Levin
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 10/37] clocksource/drivers/asm9260: Add a check for of_clk_get Sasha Levin
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 11/37] powerpc/security/book3s64: Report L1TF status in sysfs Sasha Levin
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 12/37] jbd2: Fix statistics for the number of logged blocks Sasha Levin
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 13/37] scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) Sasha Levin
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 14/37] scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow Sasha Levin
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 15/37] clk: qcom: Allow constant ratio freq tables for rcg Sasha Levin
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 16/37] irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary Sasha Levin
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 17/37] irqchip: ingenic: Error out if IRQ domain creation failed Sasha Levin
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 18/37] mfd: mfd-core: Honour Device Tree's request to disable a child-device Sasha Levin
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 19/37] fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long Sasha Levin
2019-12-11 15:37 ` Sasha Levin [this message]
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 21/37] scsi: ufs: fix potential bug which ends in system hang Sasha Levin
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 22/37] powerpc/pseries/cmm: Implement release() function for sysfs device Sasha Levin
2019-12-11 15:37 ` [PATCH AUTOSEL 4.4 23/37] powerpc/security: Fix wrong message when RFI Flush is disable Sasha Levin
2019-12-11 15:38 ` [PATCH AUTOSEL 4.4 24/37] clk: pxa: fix one of the pxa RTC clocks Sasha Levin
2019-12-11 15:38 ` [PATCH AUTOSEL 4.4 25/37] bcache: at least try to shrink 1 node in bch_mca_scan() Sasha Levin
2019-12-11 15:38 ` [PATCH AUTOSEL 4.4 26/37] HID: Improve Windows Precision Touchpad detection Sasha Levin
2019-12-11 15:38 ` [PATCH AUTOSEL 4.4 27/37] ext4: work around deleting a file with i_nlink == 0 safely Sasha Levin
2019-12-11 16:19   ` Theodore Y. Ts'o
2019-12-11 18:25     ` Greg KH
2019-12-11 20:04     ` Sasha Levin
2019-12-12 15:17       ` Theodore Y. Ts'o
2019-12-13  0:54         ` Sasha Levin
2019-12-11 15:38 ` [PATCH AUTOSEL 4.4 28/37] scsi: pm80xx: Fix for SATA device discovery Sasha Levin
2019-12-11 15:38 ` [PATCH AUTOSEL 4.4 29/37] scsi: target: iscsi: Wait for all commands to finish before freeing a session Sasha Levin
2019-12-11 15:38 ` [PATCH AUTOSEL 4.4 30/37] gpio: mpc8xxx: Don't overwrite default irq_set_type callback Sasha Levin
2019-12-11 15:38 ` [PATCH AUTOSEL 4.4 31/37] scripts/kallsyms: fix definitely-lost memory leak Sasha Levin
2019-12-11 15:38 ` [PATCH AUTOSEL 4.4 32/37] cdrom: respect device capabilities during opening action Sasha Levin
2019-12-11 15:38 ` [PATCH AUTOSEL 4.4 33/37] perf regs: Make perf_reg_name() return "unknown" instead of NULL Sasha Levin
2019-12-11 15:38 ` [PATCH AUTOSEL 4.4 34/37] libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h Sasha Levin
2019-12-11 15:38 ` [PATCH AUTOSEL 4.4 35/37] s390/cpum_sf: Check for SDBT and SDB consistency Sasha Levin
2019-12-11 15:38 ` [PATCH AUTOSEL 4.4 36/37] ocfs2: fix passing zero to 'PTR_ERR' warning Sasha Levin
2019-12-11 15:38 ` [PATCH AUTOSEL 4.4 37/37] kernel: sysctl: make drop_caches write-only Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:7ca8c2522c92 dfblob:530b7df21322 )
 OR (
bs:"[PATCH AUTOSEL 4.4 20/37] scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191211153813.24126-20-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=James.Bottomley@SteelEye.com \
    --cc=dick.kennedy@broadcom.com \
    --cc=emilne@redhat.com \
    --cc=gustavo@embeddedor.com \
    --cc=jsmart2021@gmail.com \
    --cc=keescook+coverity-bot@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-next@vger.kernel.org \
    --cc=linux-scsi@vger.kernel.org \
    --cc=martin.petersen@oracle.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox