Re: [bug report] scsi: hisi_sas: add internal abort to hisi_sas_abort_task()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 12/10/2016 14:12, Dan Carpenter wrote:

Hello John Garry,

The patch dc8a49cabc73: "scsi: hisi_sas: add internal abort to
hisi_sas_abort_task()" from Aug 24, 2016, leads to the following
static checker warning:

	drivers/scsi/hisi_sas/hisi_sas_main.c:848 hisi_sas_abort_task()
	error: we previously assumed 'slot' could be null (see line 847)

drivers/scsi/hisi_sas/hisi_sas_main.c
    809          spin_unlock_irqrestore(&task->task_state_lock, flags);
    810          sas_dev->dev_status = HISI_SAS_DEV_EH;
    811          if (task->lldd_task && task->task_proto & SAS_PROTOCOL_SSP) {
                     ^^^^^^^^^^^^^^^
We assume that ->lldd_task can be NULL.

    812                  struct scsi_cmnd *cmnd = task->uldd_task;
    813                  struct hisi_sas_slot *slot = task->lldd_task;
    814                  u32 tag = slot->idx;
    815
    816                  int_to_scsilun(cmnd->device->lun, &lun);
    817                  tmf_task.tmf = TMF_ABORT_TASK;
    818                  tmf_task.tag_of_task_to_be_managed = cpu_to_le16(tag);
    819
    820                  rc = hisi_sas_debug_issue_ssp_tmf(task->dev, lun.scsi_lun,
    821                                                    &tmf_task);
    822
    823                  /* if successful, clear the task and callback forwards.*/
    824                  if (rc == TMF_RESP_FUNC_COMPLETE) {
    825                          if (task->lldd_task) {
    826                                  struct hisi_sas_slot *slot;
    827
    828                                  slot = &hisi_hba->slot_info
    829                                          [tmf_task.tag_of_task_to_be_managed];
    830                                  spin_lock_irqsave(&hisi_hba->lock, flags);
    831                                  hisi_hba->hw->slot_complete(hisi_hba, slot, 1);
    832                                  spin_unlock_irqrestore(&hisi_hba->lock, flags);
    833                          }
    834                  }
    835
    836                  hisi_sas_internal_task_abort(hisi_hba, device,
    837                                               HISI_SAS_INT_ABT_CMD, tag);
    838          } else if (task->task_proto & SAS_PROTOCOL_SATA ||
    839                  task->task_proto & SAS_PROTOCOL_STP) {
    840                  if (task->dev->dev_type == SAS_SATA_DEV) {
    841                          hisi_sas_internal_task_abort(hisi_hba, device,
    842                                                       HISI_SAS_INT_ABT_DEV, 0);
    843                          rc = TMF_RESP_FUNC_COMPLETE;
    844                  }
    845          } else if (task->task_proto & SAS_PROTOCOL_SMP) {
    846                  /* SMP */
    847                  struct hisi_sas_slot *slot = task->lldd_task;

We assign it to slot.


I will check this.

Thanks,
John



    848                  u32 tag = slot->idx;
                                   ^^^^^^^^^
slot dereferenced without checking.

    849
    850                  hisi_sas_internal_task_abort(hisi_hba, device,
    851                                               HISI_SAS_INT_ABT_CMD, tag);
    852          }



regards,
dan carpenter

.




--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]
  Powered by Linux