Re: [PATCH 1/6] lpfc: fix: Coverity: lpfc_get_scsi_buf_s3(): Null pointer dereferences

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2019-11-11 at 15:03 -0800, James Smart wrote:
> Coverity reported the following:
> 
> *** CID 1487391:  Null pointer dereferences  (FORWARD_NULL)
> /drivers/scsi/lpfc/lpfc_scsi.c: 614 in lpfc_get_scsi_buf_s3()
> 608     		spin_unlock(&phba->scsi_buf_list_put_lock);
> 609     	}
> 610     	spin_unlock_irqrestore(&phba->scsi_buf_list_get_lock, iflag);
> 611
> 612     	if (lpfc_ndlp_check_qdepth(phba, ndlp)) {
> 613     		atomic_inc(&ndlp->cmd_pending);
> vvv     CID 1487391:  Null pointer dereferences  (FORWARD_NULL)
> vvv     Dereferencing null pointer "lpfc_cmd".
> 614     		lpfc_cmd->flags |= LPFC_SBUF_BUMP_QDEPTH;
> 615     	}
> 616     	return  lpfc_cmd;
> 617     }
> 618     /**
> 619      * lpfc_get_scsi_buf_s4 - Get a scsi buffer from io_buf_list of the HBA
> 
> Fix by checking lpfc_cmd to be non-NULL as part of line 612
> 
> Reported-by: coverity-bot <keescook+coverity-bot@xxxxxxxxxxxx>
> Addresses-Coverity-ID: 1487391 ("Null pointer dereferences")
> Fixes: 2a5b7d626ed2 ("scsi: lpfc: Limit tracking of tgt queue depth in fast path")
> 
> Signed-off-by: Dick Kennedy <dick.kennedy@xxxxxxxxxxxx>
> Signed-off-by: James Smart <jsmart2021@xxxxxxxxx>
> CC: "Martin K. Petersen" <martin.petersen@xxxxxxxxxx>
> CC: "Gustavo A. R. Silva" <gustavo@xxxxxxxxxxxxxx>
> CC: linux-next@xxxxxxxxxxxxxxx
> ---
>  drivers/scsi/lpfc/lpfc_scsi.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c
> index 959ef471d758..ba26df90a36a 100644
> --- a/drivers/scsi/lpfc/lpfc_scsi.c
> +++ b/drivers/scsi/lpfc/lpfc_scsi.c
> @@ -611,7 +611,7 @@ lpfc_get_scsi_buf_s3(struct lpfc_hba *phba, struct lpfc_nodelist *ndlp,
>  	}
>  	spin_unlock_irqrestore(&phba->scsi_buf_list_get_lock, iflag);
>  
> -	if (lpfc_ndlp_check_qdepth(phba, ndlp)) {
> +	if (lpfc_ndlp_check_qdepth(phba, ndlp) && lpfc_cmd) {
>  		atomic_inc(&ndlp->cmd_pending);
>  		lpfc_cmd->flags |= LPFC_SBUF_BUMP_QDEPTH;
>  	}

Reviewed-by: Ewan D. Milne <emilne@xxxxxxxxxx>





[Index of Archives]     [Linux Kernel]     [Linux USB Development]     [Yosemite News]     [Linux SCSI]

  Powered by Linux