[PATCH 7/7] mptfusion: tweak null pointer checks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Fixes the following smatch warnings:

  drivers/message/fusion/mptbase.c:652 mptbase_reply() warn: variable
    dereferenced before check 'reply' (see line 639)

  drivers/message/fusion/mptsas.c:1255 mptsas_taskmgmt_complete() error:
    we previously assumed 'pScsiTmReply' could be null (see line 1227)


  drivers/message/fusion/mptsas.c:3888 mptsas_not_responding_devices()
    error: we previously assumed 'port_info->phy_info' could be null
    (see line 3875)

  drivers/message/fusion/mptscsih.c:1284 mptscsih_info() error:
    we previously assumed 'h' could be null (see line 1274)

  drivers/message/fusion/mptscsih.c:1388 mptscsih_qcmd() error: we
    previously assumed 'vdevice' could be null (see line 1373)

Signed-off-by: Joe Lawrence <joe.lawrence@xxxxxxxxxxx>
Cc: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Cc: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Cc: Sreekanth Reddy <Sreekanth.Reddy@xxxxxxx>
---

JL: Comments on the above warnings, in order:

    No-brainer, the enclosing switch statement dereferences 'reply',
    so we can't get here unless 'reply' is valid.

    "Retry target reset" needs to know the target ID and channel, so
    enclose that entire block inside a if (pScsiTmReply) block.

    The code before the loop checks for 'port_info->phy_info', but not
    many other places in the driver bother.  Not sure what to do here.

    'hostdata' is checked and then immediately dereferenced after
    that block.  How about a default return string of "N/A" to indicate
    one isn't available? 

    Not sure what to do here.  'vdevice' is needed to "set up the
    message frame" target ID and channel, so it should probably return
    an error in in this case.

 drivers/message/fusion/mptbase.c  |   10 ++++------
 drivers/message/fusion/mptsas.c   |   27 ++++++++++++++-------------
 drivers/message/fusion/mptscsih.c |    7 ++++---
 3 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c
index 03263d6..c68a951 100644
--- a/drivers/message/fusion/mptbase.c
+++ b/drivers/message/fusion/mptbase.c
@@ -649,12 +649,10 @@ mptbase_reply(MPT_ADAPTER *ioc, MPT_FRAME_HDR *req, MPT_FRAME_HDR *reply)
 	case MPI_FUNCTION_CONFIG:
 	case MPI_FUNCTION_SAS_IO_UNIT_CONTROL:
 		ioc->mptbase_cmds.status |= MPT_MGMT_STATUS_COMMAND_GOOD;
-		if (reply) {
-			ioc->mptbase_cmds.status |= MPT_MGMT_STATUS_RF_VALID;
-			memcpy(ioc->mptbase_cmds.reply, reply,
-			    min(MPT_DEFAULT_FRAME_SIZE,
-				4 * reply->u.reply.MsgLength));
-		}
+		ioc->mptbase_cmds.status |= MPT_MGMT_STATUS_RF_VALID;
+		memcpy(ioc->mptbase_cmds.reply, reply,
+		    min(MPT_DEFAULT_FRAME_SIZE,
+			4 * reply->u.reply.MsgLength));
 		if (ioc->mptbase_cmds.status & MPT_MGMT_STATUS_PENDING) {
 			ioc->mptbase_cmds.status &= ~MPT_MGMT_STATUS_PENDING;
 			complete(&ioc->mptbase_cmds.done);
diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c
index 35c87b1..72e464fc 100644
--- a/drivers/message/fusion/mptsas.c
+++ b/drivers/message/fusion/mptsas.c
@@ -1252,17 +1252,19 @@ mptsas_taskmgmt_complete(MPT_ADAPTER *ioc, MPT_FRAME_HDR *mf, MPT_FRAME_HDR *mr)
 	    ioc->name, jiffies_to_msecs(jiffies -
 	    target_reset_list->time_count)/1000));
 
-	id = pScsiTmReply->TargetID;
-	channel = pScsiTmReply->Bus;
-	target_reset_list->time_count = jiffies;
+	if (pScsiTmReply) {
+		id = pScsiTmReply->TargetID;
+		channel = pScsiTmReply->Bus;
+		target_reset_list->time_count = jiffies;
 
-	/*
-	 * retry target reset
-	 */
-	if (!target_reset_list->target_reset_issued) {
-		if (mptsas_target_reset(ioc, channel, id))
-			target_reset_list->target_reset_issued = 1;
-		return 1;
+		/*
+		 * retry target reset
+		 */
+		if (!target_reset_list->target_reset_issued) {
+			if (mptsas_target_reset(ioc, channel, id))
+				target_reset_list->target_reset_issued = 1;
+			return 1;
+		}
 	}
 
 	/*
@@ -3872,9 +3874,8 @@ retry_page:
  redo_expander_scan:
 	list_for_each_entry(port_info, &ioc->sas_topology, list) {
 
-		if (port_info->phy_info &&
-		    (!(port_info->phy_info[0].identify.device_info &
-		    MPI_SAS_DEVICE_INFO_SMP_TARGET)))
+		if (!(port_info->phy_info[0].identify.device_info &
+		    MPI_SAS_DEVICE_INFO_SMP_TARGET))
 			continue;
 		found_expander = 0;
 		handle = 0xFFFF;
diff --git a/drivers/message/fusion/mptscsih.c b/drivers/message/fusion/mptscsih.c
index 727819c..475e3c9 100644
--- a/drivers/message/fusion/mptscsih.c
+++ b/drivers/message/fusion/mptscsih.c
@@ -1266,6 +1266,7 @@ mptscsih_resume(struct pci_dev *pdev)
 const char *
 mptscsih_info(struct Scsi_Host *SChost)
 {
+	const char *ret = "N/A";
 	MPT_SCSI_HOST *h;
 	int size = 0;
 
@@ -1279,9 +1280,10 @@ mptscsih_info(struct Scsi_Host *SChost)
 
 		mpt_print_ioc_summary(h->ioc, h->info_kbuf, &size, 0, 0);
 		h->info_kbuf[size-1] = '\0';
+		ret = h->info_kbuf;
 	}
 
-	return h->info_kbuf;
+	return ret;
 }
 
 int mptscsih_show_info(struct seq_file *m, struct Scsi_Host *host)
@@ -1370,8 +1372,7 @@ mptscsih_qcmd(struct scsi_cmnd *SCpnt, void (*done)(struct scsi_cmnd *))
 	/* Default to untagged. Once a target structure has been allocated,
 	 * use the Inquiry data to determine if device supports tagged.
 	 */
-	if (vdevice
-	    && (vdevice->vtarget->tflags & MPT_TARGET_FLAGS_Q_YES)
+	if ((vdevice->vtarget->tflags & MPT_TARGET_FLAGS_Q_YES)
 	    && (SCpnt->device->tagged_supported)) {
 		scsictl = scsidir | MPI_SCSIIO_CONTROL_SIMPLEQ;
 		if (SCpnt->request && SCpnt->request->ioprio) {
-- 
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]
  Powered by Linux