[PATCH] scsi: aic79xx: add scb NULL check in ahd_handle_ign_wide_residue()

From: Aleksandr Aprelkov <aaprelkov@usergate.com>
To: Hannes Reinecke <hare@suse.com>
Cc: Aleksandr Aprelkov <aaprelkov@usergate.com>,"James E.J.
	Bottomley" <jejb@linux.ibm.com>,"Martin K. Petersen"
	<martin.petersen@oracle.com>,<linux-scsi@vger.kernel.org>,<linux-kernel@vger.kernel.org>,<lvc-project@linuxtesting.org>
Subject: [PATCH] scsi: aic79xx: add scb NULL check in ahd_handle_ign_wide_residue()
Date: Mon, 1 Apr 2024 13:34:17 +0700	[thread overview]
Message-ID: <20240401063418.596364-1-aaprelkov@usergate.com> (raw)

If ahd_lookup_scb() returns NULL and (ahd_inb() & DPHASE) != 0
NULL pointer dereference happens inside ahd_get_transfer_dir()

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Aleksandr Aprelkov <aaprelkov@usergate.com>
---
 drivers/scsi/aic7xxx/aic79xx_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/aic7xxx/aic79xx_core.c b/drivers/scsi/aic7xxx/aic79xx_core.c
index 3e3100dbfda3..bac23ee11c62 100644
--- a/drivers/scsi/aic7xxx/aic79xx_core.c
+++ b/drivers/scsi/aic7xxx/aic79xx_core.c
@@ -5664,7 +5664,7 @@ ahd_handle_ign_wide_residue(struct ahd_softc *ahd, struct ahd_devinfo *devinfo)
 	 * Perhaps add datadir to some spare bits in the hscb?
 	 */
 	if ((ahd_inb(ahd, SEQ_FLAGS) & DPHASE) == 0
-	 || ahd_get_transfer_dir(scb) != CAM_DIR_IN) {
+	 || (scb && ahd_get_transfer_dir(scb) != CAM_DIR_IN)) {
 		/*
 		 * Ignore the message if we haven't
 		 * seen an appropriate data phase yet.
-- 
2.34.1

