On 3/24/19 11:28 AM, Jens Axboe wrote: > On 3/4/19 4:08 PM, Aditya Pakki wrote: >> dma_async_tx_descriptor can contain a NULL variable and using >> it in dmaengine_submit without checking can crash the process. >> This patch avoids such a scenario. >> >> Signed-off-by: Aditya Pakki <pakki001@xxxxxxx> >> --- >> drivers/ata/sata_dwc_460ex.c | 6 ++++-- >> 1 file changed, 4 insertions(+), 2 deletions(-) >> >> diff --git a/drivers/ata/sata_dwc_460ex.c b/drivers/ata/sata_dwc_460ex.c >> index 6f142aa54f5f..44a0d7a1ef54 100644 >> --- a/drivers/ata/sata_dwc_460ex.c >> +++ b/drivers/ata/sata_dwc_460ex.c >> @@ -1052,8 +1052,10 @@ static void sata_dwc_bmdma_start_by_tag(struct ata_queued_cmd *qc, u8 tag) >> SATA_DWC_DMACR_RXCHEN); >> >> /* Enable AHB DMA transfer on the specified channel */ >> - dmaengine_submit(desc); >> - dma_async_issue_pending(hsdevp->chan); >> + if (desc) { >> + dmaengine_submit(desc); >> + dma_async_issue_pending(hsdevp->chan); >> + } >> } >> } > > Hmm, if desc == NULL, is that an error condition? > Jens, In dmaengine_submit, the desc variable is dereferenced without a check for NULL.