dcb_list is initialized in adapter_init_params(). When it is not
initialized, calling adapter_uninit() from dc395x_init_one() can cause
null-ptr-dereference. We can set acb to NULL and skip adapter_uninit()
alltogether if adapter_init() returns non zero, since adapter_init()
will handle its own unwinding without the help of adapter_uninit().
[ 1.437872] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 1.438251] #PF: supervisor read access in kernel mode
[ 1.438529] #PF: error_code(0x0000) - not-present page
[ 1.440130] RIP: 0010:adapter_uninit+0x94/0x170 [dc395x]
[ 1.445439] Call Trace:
[ 1.445573] dc395x_init_one.cold+0x72a/0x9bb [dc395x]
[ 1.445849] local_pci_probe+0x48/0x80
Signed-off-by: Tong Zhang <ztong0001@xxxxxxxxx>
---
drivers/scsi/dc395x.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/scsi/dc395x.c b/drivers/scsi/dc395x.c
index 3ea345c12467..990308cbf943 100644
--- a/drivers/scsi/dc395x.c
+++ b/drivers/scsi/dc395x.c
@@ -4647,6 +4647,7 @@ static int dc395x_init_one(struct pci_dev *dev, const struct pci_device_id *id)
/* initialise the adapter and everything we need */
if (adapter_init(acb, io_port_base, io_port_len, irq)) {
dprintkl(KERN_INFO, "adapter init failed\n");
+ acb = NULL;
goto fail;
}
--
2.25.1
