From: "Ewan D. Milne" <emilne@redhat.com>
To: James Smart <jsmart2021@gmail.com>, linux-scsi@vger.kernel.org
Cc: Dick Kennedy <dick.kennedy@broadcom.com>,
	"Martin K. Petersen" <martin.petersen@oracle.com>,
	"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
	linux-next@vger.kernel.org
Subject: Re: [PATCH 1/6] lpfc: fix: Coverity: lpfc_get_scsi_buf_s3(): Null pointer dereferences
Date: Tue, 12 Nov 2019 13:30:23 -0500
Message-ID: <e8e868d7e2b4fe0894bb3badff6c63ecd80d6e28.camel@redhat.com>
In-Reply-To: <20191111230401.12958-2-jsmart2021@gmail.com>

On Mon, 2019-11-11 at 15:03 -0800, James Smart wrote:
> Coverity reported the following:
> 
> *** CID 1487391:  Null pointer dereferences  (FORWARD_NULL)
> /drivers/scsi/lpfc/lpfc_scsi.c: 614 in lpfc_get_scsi_buf_s3()
> 608     		spin_unlock(&phba->scsi_buf_list_put_lock);
> 609     	}
> 610     	spin_unlock_irqrestore(&phba->scsi_buf_list_get_lock, iflag);
> 611
> 612     	if (lpfc_ndlp_check_qdepth(phba, ndlp)) {
> 613     		atomic_inc(&ndlp->cmd_pending);
> vvv     CID 1487391:  Null pointer dereferences  (FORWARD_NULL)
> vvv     Dereferencing null pointer "lpfc_cmd".
> 614     		lpfc_cmd->flags |= LPFC_SBUF_BUMP_QDEPTH;
> 615     	}
> 616     	return  lpfc_cmd;
> 617     }
> 618     /**
> 619      * lpfc_get_scsi_buf_s4 - Get a scsi buffer from io_buf_list of the HBA
> 
> Fix by checking lpfc_cmd to be non-NULL as part of line 612
> 
> Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
> Addresses-Coverity-ID: 1487391 ("Null pointer dereferences")
> Fixes: 2a5b7d626ed2 ("scsi: lpfc: Limit tracking of tgt queue depth in fast path")
> 
> Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
> Signed-off-by: James Smart <jsmart2021@gmail.com>
> CC: "Martin K. Petersen" <martin.petersen@oracle.com>
> CC: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
> CC: linux-next@vger.kernel.org
> ---
>  drivers/scsi/lpfc/lpfc_scsi.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c
> index 959ef471d758..ba26df90a36a 100644
> --- a/drivers/scsi/lpfc/lpfc_scsi.c
> +++ b/drivers/scsi/lpfc/lpfc_scsi.c
> @@ -611,7 +611,7 @@ lpfc_get_scsi_buf_s3(struct lpfc_hba *phba, struct lpfc_nodelist *ndlp,
>  	}
>  	spin_unlock_irqrestore(&phba->scsi_buf_list_get_lock, iflag);
>  
> -	if (lpfc_ndlp_check_qdepth(phba, ndlp)) {
> +	if (lpfc_ndlp_check_qdepth(phba, ndlp) && lpfc_cmd) {
>  		atomic_inc(&ndlp->cmd_pending);
>  		lpfc_cmd->flags |= LPFC_SBUF_BUMP_QDEPTH;
>  	}
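
Review bot: In the changed condition, lpfc_cmd is tested after lpfc_ndlp_check_qdepth(phba, ndlp), so the queue-depth check is still evaluated when no buffer was obtained. Consider putting the pointer test first, i.e. "if (lpfc_cmd && lpfc_ndlp_check_qdepth(phba, ndlp)) {", so the NULL path short-circuits before the call and the guard reads in the same order as the dereference it protects. As posted the fix is functionally sound: with lpfc_cmd NULL, neither atomic_inc(&ndlp->cmd_pending) nor the write to lpfc_cmd->flags executes, which also stops cmd_pending from being bumped when no command is returned.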

Reviewed-by: Ewan D. Milne <emilne@redhat.com>

