After having been compared to NULL value at ide-io.c:370,
pointer 'rq->rq_disk' is dereferenced at ide-io.c:381.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Nikolay Burykin <burikin@xxxxxx>
---
drivers/ide/ide-io.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/ide/ide-io.c b/drivers/ide/ide-io.c
index 4867b67b60d6..343e93824b03 100644
--- a/drivers/ide/ide-io.c
+++ b/drivers/ide/ide-io.c
@@ -367,7 +367,11 @@ static ide_startstop_t start_request (ide_drive_t *drive, struct request *rq)
pm->pm_step == IDE_PM_COMPLETED)
ide_complete_pm_rq(drive, rq);
return startstop;
- } else if (!rq->rq_disk && ata_misc_request(rq))
+ } else if (!rq->rq_disk) {
+ if (!ata_misc_request(rq)) {
+ rq->rq_flags |= RQF_FAILED;
+ goto kill_rq;
+ }
/*
* TODO: Once all ULDs have been modified to
* check for specific op codes rather than
@@ -377,6 +381,7 @@ static ide_startstop_t start_request (ide_drive_t *drive, struct request *rq)
* dropped entirely.
*/
return ide_special_rq(drive, rq);
+ }
drv = *(struct ide_driver **)rq->rq_disk->private_data;
--
2.38.1
