From: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 14 Apr 2023 11:00:40 +0200
Addresses of two data structure members were determined before
a corresponding null pointer check in the implementation of
the function “hpsa_scsi_ioaccel_raid_map”.
Thus avoid the risk for undefined behaviour by moving the assignment
for two local variables behind some condition checks.
This issue was detected by using the Coccinelle software.
Fixes: 283b4a9b98b1 ("[SCSI] hpsa: add ioaccell mode 1 RAID offload support.")
Signed-off-by: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
---
drivers/scsi/hpsa.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
index af18d20f3079..562bb5eab134 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -5104,8 +5104,8 @@ static int hpsa_scsi_ioaccel_raid_map(struct ctlr_info *h,
{
struct scsi_cmnd *cmd = c->scsi_cmd;
struct hpsa_scsi_dev_t *dev = cmd->device->hostdata;
- struct raid_map_data *map = &dev->raid_map;
- struct raid_map_disk_data *dd = &map->data[0];
+ struct raid_map_data *map;
+ struct raid_map_disk_data *dd;
int is_write = 0;
u32 map_index;
u64 first_block, last_block;
@@ -5209,6 +5209,8 @@ static int hpsa_scsi_ioaccel_raid_map(struct ctlr_info *h,
if (is_write && dev->raid_level != 0)
return IO_ACCEL_INELIGIBLE;
+ map = &dev->raid_map;
+
/* check for invalid block or wraparound */
if (last_block >= le64_to_cpu(map->volume_blk_cnt) ||
last_block < first_block)
@@ -5397,6 +5399,7 @@ static int hpsa_scsi_ioaccel_raid_map(struct ctlr_info *h,
if (!c->phys_disk)
return IO_ACCEL_INELIGIBLE;
+ dd = &map->data[0];
disk_handle = dd[map_index].ioaccel_handle;
disk_block = le64_to_cpu(map->disk_starting_blk) +
first_row * le16_to_cpu(map->strip_size) +
--
2.40.0
