On Tue, 2015-05-19 at 15:04 +0300, Dan Carpenter wrote:
> Hello Nicholas Bellinger,
>
> This is a semi-automatic email about new static checker warnings.
>
> The patch fffab1c99118: "target: Convert REPORT_LUN + MODE_SENSE to
> RCU reader" from Mar 22, 2015, leads to the following Smatch
> complaint:
>
> drivers/target/target_core_spc.c:1232 spc_emulate_report_luns()
> warn: variable dereferenced before check 'sess' (see line 1213)
>
> drivers/target/target_core_spc.c
> 1212 struct se_session *sess = cmd->se_sess;
> 1213 struct se_node_acl *nacl = sess->se_node_acl;
> ^^^^
> New dereference.
>
> 1214 unsigned char *buf;
> 1215 u32 lun_count = 0, offset = 8;
> 1216
> 1217 if (cmd->data_length < 16) {
> 1218 pr_warn("REPORT LUNS allocation length %u too small\n",
> 1219 cmd->data_length);
> 1220 return TCM_INVALID_CDB_FIELD;
> 1221 }
> 1222
> 1223 buf = transport_kmap_data_sg(cmd);
> 1224 if (!buf)
> 1225 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
> 1226
> 1227 /*
> 1228 * If no struct se_session pointer is present, this struct se_cmd is
> 1229 * coming via a target_core_mod PASSTHROUGH op, and not through
> 1230 * a $FABRIC_MOD. In that case, report LUN=0 only.
> 1231 */
> 1232 if (!sess) {
> ^^^^^
> Old check for NULL with a scary comment implying it is a real
> possibility.
>
> 1233 int_to_scsilun(0, (struct scsi_lun *)&buf[offset]);
> 1234 lun_count = 1;
>
Fixed.
Thanks Dan!
--nab
--
To unsubscribe from this list: send the line "unsubscribe target-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
