From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: James Smart <jsmart2021@gmail.com>,
coverity-bot <keescook+coverity-bot@chromium.org>,
James Bottomley <James.Bottomley@SteelEye.com>,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
linux-next@vger.kernel.org, "Ewan D . Milne" <emilne@redhat.com>,
Dick Kennedy <dick.kennedy@broadcom.com>,
"Martin K . Petersen" <martin.petersen@oracle.com>,
Sasha Levin <sashal@kernel.org>,
linux-scsi@vger.kernel.org
Subject: [PATCH AUTOSEL 4.14 26/58] scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences
Date: Wed, 11 Dec 2019 10:27:59 -0500 [thread overview]
Message-ID: <20191211152831.23507-26-sashal@kernel.org> (raw)
In-Reply-To: <20191211152831.23507-1-sashal@kernel.org>
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit 6c6d59e0fe5b86cf273d6d744a6a9768c4ecc756 ]
Coverity reported the following:
*** CID 101747: Null pointer dereferences (FORWARD_NULL)
/drivers/scsi/lpfc/lpfc_els.c: 4439 in lpfc_cmpl_els_rsp()
4433 kfree(mp);
4434 }
4435 mempool_free(mbox, phba->mbox_mem_pool);
4436 }
4437 out:
4438 if (ndlp && NLP_CHK_NODE_ACT(ndlp)) {
vvv CID 101747: Null pointer dereferences (FORWARD_NULL)
vvv Dereferencing null pointer "shost".
4439 spin_lock_irq(shost->host_lock);
4440 ndlp->nlp_flag &= ~(NLP_ACC_REGLOGIN | NLP_RM_DFLT_RPI);
4441 spin_unlock_irq(shost->host_lock);
4442
4443 /* If the node is not being used by another discovery thread,
4444 * and we are sending a reject, we are done with it.
Fix by adding a check for non-null shost in line 4438.
The scenario when shost is set to null is when ndlp is null.
As such, the ndlp check present was sufficient. But better safe
than sorry so add the shost check.
Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 101747 ("Null pointer dereferences")
Fixes: 2e0fef85e098 ("[SCSI] lpfc: NPIV: split ports")
CC: James Bottomley <James.Bottomley@SteelEye.com>
CC: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
CC: linux-next@vger.kernel.org
Link: https://lore.kernel.org/r/20191111230401.12958-3-jsmart2021@gmail.com
Reviewed-by: Ewan D. Milne <emilne@redhat.com>
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_els.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c
index c851fd14ff3e9..4c84c2ae1112d 100644
--- a/drivers/scsi/lpfc/lpfc_els.c
+++ b/drivers/scsi/lpfc/lpfc_els.c
@@ -4102,7 +4102,7 @@ lpfc_cmpl_els_rsp(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
mempool_free(mbox, phba->mbox_mem_pool);
}
out:
- if (ndlp && NLP_CHK_NODE_ACT(ndlp)) {
+ if (ndlp && NLP_CHK_NODE_ACT(ndlp) && shost) {
spin_lock_irq(shost->host_lock);
ndlp->nlp_flag &= ~(NLP_ACC_REGLOGIN | NLP_RM_DFLT_RPI);
spin_unlock_irq(shost->host_lock);
--
2.20.1
next prev parent reply other threads:[~2019-12-11 15:29 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-11 15:27 [PATCH AUTOSEL 4.14 01/58] scsi: lpfc: Fix discovery failures when target device connectivity bounces Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 02/58] scsi: mpt3sas: Fix clear pending bit in ioctl status Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 03/58] scsi: lpfc: Fix locking on mailbox command completion Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 04/58] Input: atmel_mxt_ts - disable IRQ across suspend Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 05/58] iommu/tegra-smmu: Fix page tables in > 4 GiB memory Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 06/58] scsi: target: compare full CHAP_A Algorithm strings Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 07/58] scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 08/58] scsi: csiostor: Don't enable IRQs too early Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 09/58] powerpc/pseries: Mark accumulate_stolen_time() as notrace Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 10/58] powerpc/pseries: Don't fail hash page table insert for bolted mapping Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 11/58] powerpc/tools: Don't quote $objdump in scripts Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 12/58] dma-debug: add a schedule point in debug_dma_dump_mappings() Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 13/58] clocksource/drivers/asm9260: Add a check for of_clk_get Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 14/58] powerpc/security/book3s64: Report L1TF status in sysfs Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 15/58] powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 16/58] ext4: update direct I/O read lock pattern for IOCB_NOWAIT Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 17/58] jbd2: Fix statistics for the number of logged blocks Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 18/58] scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 19/58] scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 20/58] f2fs: fix to update dir's i_pino during cross_rename Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 21/58] clk: qcom: Allow constant ratio freq tables for rcg Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 22/58] irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 23/58] irqchip: ingenic: Error out if IRQ domain creation failed Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 24/58] mfd: mfd-core: Honour Device Tree's request to disable a child-device Sasha Levin
2019-12-11 15:27 ` [PATCH AUTOSEL 4.14 25/58] fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long Sasha Levin
2019-12-11 15:27 ` Sasha Levin [this message]
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 27/58] scsi: ufs: fix potential bug which ends in system hang Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 28/58] powerpc/pseries/cmm: Implement release() function for sysfs device Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 29/58] powerpc/security: Fix wrong message when RFI Flush is disable Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 30/58] scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 31/58] clk: pxa: fix one of the pxa RTC clocks Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 32/58] bcache: at least try to shrink 1 node in bch_mca_scan() Sasha Levin
2019-12-12 3:48 ` John Stoffel
2019-12-12 3:52 ` Coly Li
2019-12-12 4:00 ` John Stoffel
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 33/58] ext4: fix a bug in ext4_wait_for_tail_page_commit Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 34/58] HID: logitech-hidpp: Silence intermittent get_battery_capacity errors Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 35/58] libnvdimm/btt: fix variable 'rc' set but not used Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 36/58] HID: Improve Windows Precision Touchpad detection Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 37/58] watchdog: aspeed: Fix clock behaviour for ast2600 Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 38/58] ext4: work around deleting a file with i_nlink == 0 safely Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 39/58] scsi: pm80xx: Fix for SATA device discovery Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 40/58] scsi: ufs: Fix error handing during hibern8 enter Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 41/58] scsi: scsi_debug: num_tgts must be >= 0 Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 42/58] scsi: NCR5380: Add disconnect_mask module parameter Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 43/58] scsi: iscsi: Don't send data to unbound connection Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 44/58] scsi: target: iscsi: Wait for all commands to finish before freeing a session Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 45/58] gpio: mpc8xxx: Don't overwrite default irq_set_type callback Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 46/58] apparmor: fix unsigned len comparison with less than zero Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 47/58] scripts/kallsyms: fix definitely-lost memory leak Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 48/58] f2fs: choose hardlimit when softlimit is larger than hardlimit in f2fs_statfs_project() Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 49/58] of: unittest: fix memory leak in attach_node_and_children Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 50/58] cdrom: respect device capabilities during opening action Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 51/58] perf script: Fix brstackinsn for AUXTRACE Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 52/58] perf regs: Make perf_reg_name() return "unknown" instead of NULL Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 53/58] s390/zcrypt: handle new reply code FILTERED_BY_HYPERVISOR Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 54/58] libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 55/58] s390/cpum_sf: Check for SDBT and SDB consistency Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 56/58] ocfs2: fix passing zero to 'PTR_ERR' warning Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 57/58] kernel: sysctl: make drop_caches write-only Sasha Levin
2019-12-11 15:28 ` [PATCH AUTOSEL 4.14 58/58] userfaultfd: require CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191211152831.23507-26-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=James.Bottomley@SteelEye.com \
--cc=dick.kennedy@broadcom.com \
--cc=emilne@redhat.com \
--cc=gustavo@embeddedor.com \
--cc=jsmart2021@gmail.com \
--cc=keescook+coverity-bot@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-next@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).