public inbox for linux-kernel@vger.kernel.org
From: "Colin King (gmail)" <colin.i.king@gmail.com>
To: Xiang Chen <chenxiang66@hisilicon.com>
Cc: John Garry <john.garry@huawei.com>,
	"James E.J. Bottomley" <jejb@linux.ibm.com>,
	"Martin K. Petersen" <martin.petersen@oracle.com>,
	"linux-scsi@vger.kernel.org" <linux-scsi@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: re: scsi: hisi_sas: Fix some issues related to, asd_sas_port->phy_list
Date: Mon, 27 Dec 2021 22:56:32 +0000
Message-ID: <c27a4f9b-e468-93a2-c14d-20f45a5a103b@gmail.com>

Hi,

Static analysis with clang-scan has found a dereference of an 
uninitialized pointer in drivers/scsi/hisi_sas/hisi_sas_main.c 
introduced by the following recent commit:

commit 29e2bac87421c613782ccb510c76c5efbecac0cf
Author: Xiang Chen <chenxiang66@hisilicon.com>
Date:   Mon Dec 20 19:21:28 2021 +0800

     scsi: hisi_sas: Fix some issues related to asd_sas_port->phy_list

The issue is as follows:

static void hisi_sas_send_ata_reset_each_phy(struct hisi_hba *hisi_hba,
                                              struct asd_sas_port *sas_port,
                                              struct domain_device *device)
{
         struct hisi_sas_tmf_task tmf_task = { .force_phy = 1 };
         struct ata_port *ap = device->sata_dev.ap;
         struct device *dev = hisi_hba->dev;
         int s = sizeof(struct host_to_dev_fis);
         int rc = TMF_RESP_FUNC_FAILED;
         struct asd_sas_phy *sas_phy;

sas_phy is not initialized ^

         struct ata_link *link;
         u8 fis[20] = {0};
         u32 state;
         int i;

         state = hisi_hba->hw->get_phys_state(hisi_hba);
         for (i = 0; i < hisi_hba->n_phy; i++) {
                 if (!(state & BIT(sas_phy->id)))
                         continue;

sas_phy is being dereferenced

The commit referenced above removed the statement:

    list_for_each_entry(sas_phy, &sas_port->phy_list, port_phy_el)


..that set sas_phy. Now we don't have this, so sas_phy is not initialized.

Colin
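
Added example, not part of the original message and not the driver's code or its eventual fix: a self-contained model of the pattern reported above, where a loop that used to get its cursor from list_for_each_entry() becomes an index loop and the cursor must now be bound explicitly on every iteration. The types struct hba, struct hba_phy and struct sas_phy and both function names are simplified stand-ins assumed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BIT(n) (1u << (n))
#define N_PHY 4

/* Simplified stand-ins for the driver structures (assumed, not kernel types). */
struct sas_phy { int id; };
struct hba_phy { struct sas_phy sas_phy; };
struct hba {
	int n_phy;
	struct hba_phy phy[N_PHY];
	uint32_t phys_state;		/* bit i set => phy i is up */
};

/* Constructed sample input: phy ids equal their array index. */
struct hba make_sample_hba(uint32_t state)
{
	struct hba h = { .n_phy = N_PHY, .phys_state = state };

	for (int i = 0; i < N_PHY; i++)
		h.phy[i].sas_phy.id = i;
	return h;
}

/* Returns the mask of phys that are up and would be sent the reset. */
uint32_t phys_to_reset_mask(const struct hba *hba)
{
	const struct sas_phy *sas_phy;	/* declared without an initializer */
	uint32_t mask = 0;

	for (int i = 0; i < hba->n_phy; i++) {
		/* Bind the cursor to this index before any dereference.
		 * Dropping this line reproduces the reported pattern. */
		sas_phy = &hba->phy[i].sas_phy;
		if (!(hba->phys_state & BIT(sas_phy->id)))
			continue;
		mask |= BIT(sas_phy->id);
	}
	return mask;
}

int main(void)
{
	struct hba h = make_sample_hba(0xA);

	printf("reset mask: 0x%x\n", phys_to_reset_mask(&h));
	return 0;
}
```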
