On 23/05/2022 12:08, Dan Carpenter wrote:
Thanks for the report
50b6cb3516365c Dexuan Cui 2021-10-07 224 /* Use min_t(int, ...) in case shost->can_queue exceeds SHRT_MAX */
50b6cb3516365c Dexuan Cui 2021-10-07 225 shost->cmd_per_lun = min_t(int, shost->cmd_per_lun,
ea2f0f77538c50 John Garry 2021-05-19 226 shost->can_queue);
ea2f0f77538c50 John Garry 2021-05-19 227
2ad7ba6ca08593 John Garry 2022-05-20 @228 if (dma_dev->dma_mask) {
^^^^^^^^^^^^^^^^^
I knew that we fixed up dma_dev to be non-NULL, but I thought it was
earlier in this function...
The patch adds a new unchecked dereference
2ad7ba6ca08593 John Garry 2022-05-20 229 shost->max_sectors = min_t(unsigned int, shost->max_sectors,
2ad7ba6ca08593 John Garry 2022-05-20 230 dma_opt_mapping_size(dma_dev) >> SECTOR_SHIFT);
2ad7ba6ca08593 John Garry 2022-05-20 231 }
2ad7ba6ca08593 John Garry 2022-05-20 232
0a6ac4ee7c2109 Christoph Hellwig 2017-01-03 233 error = scsi_init_sense_cache(shost);
0a6ac4ee7c2109 Christoph Hellwig 2017-01-03 234 if (error)
0a6ac4ee7c2109 Christoph Hellwig 2017-01-03 235 goto fail;
0a6ac4ee7c2109 Christoph Hellwig 2017-01-03 236
d285203cf647d7 Christoph Hellwig 2014-01-17 237 error = scsi_mq_setup_tags(shost);
542bd1377a9630 James Bottomley 2008-04-21 238 if (error)
542bd1377a9630 James Bottomley 2008-04-21 239 goto fail;
d285203cf647d7 Christoph Hellwig 2014-01-17 240
^1da177e4c3f41 Linus Torvalds 2005-04-16 241 if (!shost->shost_gendev.parent)
^1da177e4c3f41 Linus Torvalds 2005-04-16 242 shost->shost_gendev.parent = dev ? dev : &platform_bus;
3c8d9a957d0ae6 James Bottomley 2012-05-04 @243 if (!dma_dev)
^^^^^^^^
Cheers,
John
