Re: [PATCH 2/6] lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, 2019-11-11 at 15:03 -0800, James Smart wrote:
> Coverity reported the following:
> 
> *** CID 101747:  Null pointer dereferences  (FORWARD_NULL)
> /drivers/scsi/lpfc/lpfc_els.c: 4439 in lpfc_cmpl_els_rsp()
> 4433     			kfree(mp);
> 4434     		}
> 4435     		mempool_free(mbox, phba->mbox_mem_pool);
> 4436     	}
> 4437     out:
> 4438     	if (ndlp && NLP_CHK_NODE_ACT(ndlp)) {
> vvv     CID 101747:  Null pointer dereferences  (FORWARD_NULL)
> vvv     Dereferencing null pointer "shost".
> 4439     		spin_lock_irq(shost->host_lock);
> 4440     		ndlp->nlp_flag &= ~(NLP_ACC_REGLOGIN | NLP_RM_DFLT_RPI);
> 4441     		spin_unlock_irq(shost->host_lock);
> 4442
> 4443     		/* If the node is not being used by another discovery thread,
> 4444     		 * and we are sending a reject, we are done with it.
> 
> Fix by adding a check for non-null shost in line 4438.
> The scenario when shost is set to null is when ndlp is null.
> As such, the ndlp check present was sufficient. But better safe
> than sorry so add the shost check.
> 
> Reported-by: coverity-bot <keescook+coverity-bot@xxxxxxxxxxxx>
> Addresses-Coverity-ID: 101747 ("Null pointer dereferences")
> Fixes: 2e0fef85e098 ("[SCSI] lpfc: NPIV: split ports")
> 
> Signed-off-by: Dick Kennedy <dick.kennedy@xxxxxxxxxxxx>
> Signed-off-by: James Smart <jsmart2021@xxxxxxxxx>
> CC: James Bottomley <James.Bottomley@xxxxxxxxxxxx>
> CC: "Gustavo A. R. Silva" <gustavo@xxxxxxxxxxxxxx>
> CC: linux-next@xxxxxxxxxxxxxxx
> ---
>  drivers/scsi/lpfc/lpfc_els.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c
> index 9a570c15b2a1..42a2bf38eaea 100644
> --- a/drivers/scsi/lpfc/lpfc_els.c
> +++ b/drivers/scsi/lpfc/lpfc_els.c
> @@ -4445,7 +4445,7 @@ lpfc_cmpl_els_rsp(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
>  		mempool_free(mbox, phba->mbox_mem_pool);
>  	}
>  out:
> -	if (ndlp && NLP_CHK_NODE_ACT(ndlp)) {
> +	if (ndlp && NLP_CHK_NODE_ACT(ndlp) && shost) {
>  		spin_lock_irq(shost->host_lock);
>  		ndlp->nlp_flag &= ~(NLP_ACC_REGLOGIN | NLP_RM_DFLT_RPI);
>  		spin_unlock_irq(shost->host_lock);

Reviewed-by: Ewan D. Milne <emilne@xxxxxxxxxx>
[Index of Archives]     [Linux Kernel]     [Linux USB Development]     [Yosemite News]     [Linux SCSI]

  Powered by Linux