Inside function sas_rphy_match(), dev_to_shost() could return NULL, however, the return value of dev_to_shost() is not checked and get used. This could potentially be unsafe. Signed-off-by: Yizhuo <yzhai003@xxxxxxx> --- drivers/scsi/scsi_transport_sas.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/scsi/scsi_transport_sas.c b/drivers/scsi/scsi_transport_sas.c index ef138c57e2a6..04d83cbc35f2 100644 --- a/drivers/scsi/scsi_transport_sas.c +++ b/drivers/scsi/scsi_transport_sas.c @@ -1328,6 +1328,8 @@ static int sas_rphy_match(struct attribute_container *cont, struct device *dev) if (!scsi_is_sas_rphy(dev)) return 0; shost = dev_to_shost(dev->parent->parent); + if (!shost) + return 0; if (!shost->transportt) return 0; -- 2.17.1
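Review bot: The added `if (!shost)` test in sas_rphy_match() covers only the return value of dev_to_shost(), while the argument on the line above it, `dev->parent->parent`, is still dereferenced twice with no check. If the device hierarchy can be incomplete enough that no Scsi_Host is found, the commit message should say why both parent pointers are still guaranteed to be valid at this point, or the patch should guard them as well. The message also does not say how a NULL return can be reached once `scsi_is_sas_rphy(dev)` has passed. Please describe the path, or state that the report comes from static analysis and has not been observed at run time. As a style point, the new test and the existing one that follows it return the same value and could be folded into `if (!shost || !shost->transportt)` followed by a single `return 0;`.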