On 11/14/22 9:09 AM, Daniil Tatianin wrote:
> sg_next() dereferences the passed sg, therefore we have to verify that
> it's present before calling it.
>
> Found by Linux Verification Center (linuxtesting.org) with the SVACE
> static analysis tool.
>
> Signed-off-by: Daniil Tatianin <d-tatianin@xxxxxxxxxxxxxx>
> ---
> drivers/scsi/cxgbi/libcxgbi.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/drivers/scsi/cxgbi/libcxgbi.c b/drivers/scsi/cxgbi/libcxgbi.c
> index af281e271f88..2ff9810f42a9 100644
> --- a/drivers/scsi/cxgbi/libcxgbi.c
> +++ b/drivers/scsi/cxgbi/libcxgbi.c
> @@ -1196,8 +1196,7 @@ void cxgbi_ddp_set_one_ppod(struct cxgbi_pagepod *ppod,
>
> if (offset == len) {
> offset = 0;
> - sg = sg_next(sg);
> - if (sg) {
> + if (sg && (sg = sg_next(sg))) {
> addr = sg_dma_address(sg);
> len = sg_dma_len(sg);
> }
Is cxgbit_set_one_ppod the same function but it already has the extra
sg check? Should it be a libcxgb function in libcxgb_ppm.c?
