On 2/3/21 4:19 AM, Dan Carpenter wrote:
> Hi Mike,
>
> url: https://github.com/0day-ci/linux/commits/Mike-Christie/iscsi-fixes-and-cleanups/20210203-122757
> base: https://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git for-next
> config: i386-randconfig-m021-20210202 (attached as .config)
> compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
>
> If you fix the issue, kindly add the following tag as appropriate
> Reported-by: kernel test robot <lkp@xxxxxxxxx>
> Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
>
> smatch warnings:
> drivers/scsi/libiscsi_tcp.c:586 iscsi_tcp_r2t_rsp() warn: variable dereferenced before check 'task->sc' (see line 547)
>
> vim +586 drivers/scsi/libiscsi_tcp.c
>
> f7dbf0662a0167 Mike Christie    2021-02-02   529  static int iscsi_tcp_r2t_rsp(struct iscsi_conn *conn, struct iscsi_hdr *hdr)
> a081c13e39b5c1 Mike Christie    2008-12-02   530  {
> a081c13e39b5c1 Mike Christie    2008-12-02   531  	struct iscsi_session *session = conn->session;
> f7dbf0662a0167 Mike Christie    2021-02-02   532  	struct iscsi_tcp_task *tcp_task;
> f7dbf0662a0167 Mike Christie    2021-02-02   533  	struct iscsi_tcp_conn *tcp_conn;
> f7dbf0662a0167 Mike Christie    2021-02-02   534  	struct iscsi_r2t_rsp *rhdr;
> a081c13e39b5c1 Mike Christie    2008-12-02   535  	struct iscsi_r2t_info *r2t;
> f7dbf0662a0167 Mike Christie    2021-02-02   536  	struct iscsi_task *task;
> 5d0fddd0a72d30 Shlomo Pongratz  2014-02-07   537  	u32 data_length;
> 5d0fddd0a72d30 Shlomo Pongratz  2014-02-07   538  	u32 data_offset;
> f7dbf0662a0167 Mike Christie    2021-02-02   539  	int r2tsn;
> a081c13e39b5c1 Mike Christie    2008-12-02   540  	int rc;
> a081c13e39b5c1 Mike Christie    2008-12-02   541  
> f7dbf0662a0167 Mike Christie    2021-02-02   542  	spin_lock(&session->back_lock);
> f7dbf0662a0167 Mike Christie    2021-02-02   543  	task = iscsi_itt_to_ctask(conn, hdr->itt);
> f7dbf0662a0167 Mike Christie    2021-02-02   544  	if (!task) {
> f7dbf0662a0167 Mike Christie    2021-02-02   545  		spin_unlock(&session->back_lock);
> f7dbf0662a0167 Mike Christie    2021-02-02   546  		return ISCSI_ERR_BAD_ITT;
> f7dbf0662a0167 Mike Christie    2021-02-02  @547  	} else if (task->sc->sc_data_direction != DMA_TO_DEVICE) {
>                                                                   ^^^^^^^^
> New unchecked dereference.

I see the issue. iscsi_itt_to_ctask checks task->sc and if NULL returns NULL. However, below in this function there is now a not needed task->sc check. The checker saw that and thinks the above line could be an invalid access. I'll fix the patch by removing the old check since it's confusing code that's also not needed since it's done for us now.
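A reduced model of the pattern smatch flagged, added here as an example and not the kernel's code: lookup_task() stands in for the guarantee Mike describes for iscsi_itt_to_ctask() (NULL when the task or task->sc is NULL), r2t_rsp_before() keeps the redundant later task->sc check that makes the checker treat the earlier dereference as unchecked, and r2t_rsp_after() drops it. The structs, task table and error codes are constructed for the example.

```c
#include <stddef.h>

enum { DMA_TO_DEVICE = 1, DMA_FROM_DEVICE = 2 };
enum { ISCSI_OK = 0, ISCSI_ERR_BAD_ITT = -1, ISCSI_ERR_PROTO = -2 };

struct scsi_cmnd { int sc_data_direction; };
struct iscsi_task { unsigned itt; struct scsi_cmnd *sc; };

/* Constructed task table (hypothetical, not from the driver). */
static struct scsi_cmnd cmd_write = { DMA_TO_DEVICE };
static struct scsi_cmnd cmd_read  = { DMA_FROM_DEVICE };
static struct iscsi_task tasks[] = {
	{ 1, &cmd_write },
	{ 2, &cmd_read },
	{ 3, NULL },	/* command already completed, sc cleared */
};

/* Models iscsi_itt_to_ctask(): NULL for an unknown itt or when task->sc is NULL,
 * so a non-NULL return guarantees task->sc may be dereferenced. */
static struct iscsi_task *lookup_task(unsigned itt)
{
	for (size_t i = 0; i < sizeof(tasks) / sizeof(tasks[0]); i++)
		if (tasks[i].itt == itt)
			return tasks[i].sc ? &tasks[i] : NULL;
	return NULL;
}

/* Before: task->sc is dereferenced right after the lookup, but the later
 * "if (!task->sc)" tells the checker the pointer might be NULL there,
 * hence "variable dereferenced before check". */
static int r2t_rsp_before(unsigned itt)
{
	struct iscsi_task *task = lookup_task(itt);
	if (!task)
		return ISCSI_ERR_BAD_ITT;
	else if (task->sc->sc_data_direction != DMA_TO_DEVICE)
		return ISCSI_ERR_PROTO;
	if (!task->sc)	/* redundant: lookup_task() already ruled this out */
		return ISCSI_ERR_BAD_ITT;
	return ISCSI_OK;
}

/* After: the redundant check is removed; NULL handling lives in the lookup. */
static int r2t_rsp_after(unsigned itt)
{
	struct iscsi_task *task = lookup_task(itt);
	if (!task)
		return ISCSI_ERR_BAD_ITT;
	if (task->sc->sc_data_direction != DMA_TO_DEVICE)
		return ISCSI_ERR_PROTO;
	return ISCSI_OK;
}
```

Both versions return the same results; the difference is only that the second no longer carries a check that contradicts the invariant the lookup already enforces.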