sci_unsolicited_frame_control_get_header may return error if frame_index
is invalid. There are two calls where retval was forgotten to check.
Add check of retval.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: c72086e3c289 ("isci: merge smp request substates into primary state machine")
Signed-off-by: Peter Kosyh <pkosyh@xxxxxxxxx>
---
drivers/scsi/isci/request.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/isci/request.c b/drivers/scsi/isci/request.c
index 6370cdbfba08..e9f442d5cb73 100644
--- a/drivers/scsi/isci/request.c
+++ b/drivers/scsi/isci/request.c
@@ -1712,9 +1712,11 @@ sci_io_request_frame_handler(struct isci_request *ireq,
struct ssp_frame_hdr ssp_hdr;
void *frame_header;
- sci_unsolicited_frame_control_get_header(&ihost->uf_control,
+ status = sci_unsolicited_frame_control_get_header(&ihost->uf_control,
frame_index,
&frame_header);
+ if (status != SCI_SUCCESS)
+ return status;
word_cnt = sizeof(struct ssp_frame_hdr) / sizeof(u32);
sci_swab32_cpy(&ssp_hdr, frame_header, word_cnt);
@@ -1768,9 +1770,12 @@ sci_io_request_frame_handler(struct isci_request *ireq,
void *frame_header, *kaddr;
u8 *rsp;
- sci_unsolicited_frame_control_get_header(&ihost->uf_control,
+ status = sci_unsolicited_frame_control_get_header(&ihost->uf_control,
frame_index,
&frame_header);
+ if (status != SCI_SUCCESS)
+ return status;
+
kaddr = kmap_atomic(sg_page(sg));
rsp = kaddr + sg->offset;
sci_swab32_cpy(rsp, frame_header, 1);
--
2.38.1
