From: "Ewan D. Milne" <emilne@redhat•com>
To: James Smart <jsmart2021@gmail•com>, linux-scsi@vger•kernel.org
Cc: Dick Kennedy <dick.kennedy@broadcom•com>,
James Bottomley <James.Bottomley@SteelEye•com>,
"Gustavo A. R. Silva" <gustavo@embeddedor•com>,
linux-next@vger•kernel.org
Subject: Re: [PATCH 2/6] lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences
Date: Tue, 12 Nov 2019 13:30:51 -0500 [thread overview]
Message-ID: <b42a9108ef8c4a17c81e152f9ed0d981c4f1ccdf.camel@redhat.com> (raw)
In-Reply-To: <20191111230401.12958-3-jsmart2021@gmail.com>
On Mon, 2019-11-11 at 15:03 -0800, James Smart wrote:
> Coverity reported the following:
>
> *** CID 101747: Null pointer dereferences (FORWARD_NULL)
> /drivers/scsi/lpfc/lpfc_els.c: 4439 in lpfc_cmpl_els_rsp()
> 4433 kfree(mp);
> 4434 }
> 4435 mempool_free(mbox, phba->mbox_mem_pool);
> 4436 }
> 4437 out:
> 4438 if (ndlp && NLP_CHK_NODE_ACT(ndlp)) {
> vvv CID 101747: Null pointer dereferences (FORWARD_NULL)
> vvv Dereferencing null pointer "shost".
> 4439 spin_lock_irq(shost->host_lock);
> 4440 ndlp->nlp_flag &= ~(NLP_ACC_REGLOGIN | NLP_RM_DFLT_RPI);
> 4441 spin_unlock_irq(shost->host_lock);
> 4442
> 4443 /* If the node is not being used by another discovery thread,
> 4444 * and we are sending a reject, we are done with it.
>
> Fix by adding a check for non-null shost in line 4438.
> The scenario when shost is set to null is when ndlp is null.
> As such, the ndlp check present was sufficient. But better safe
> than sorry so add the shost check.
>
> Reported-by: coverity-bot <keescook+coverity-bot@chromium•org>
> Addresses-Coverity-ID: 101747 ("Null pointer dereferences")
> Fixes: 2e0fef85e098 ("[SCSI] lpfc: NPIV: split ports")
>
> Signed-off-by: Dick Kennedy <dick.kennedy@broadcom•com>
> Signed-off-by: James Smart <jsmart2021@gmail•com>
> CC: James Bottomley <James.Bottomley@SteelEye•com>
> CC: "Gustavo A. R. Silva" <gustavo@embeddedor•com>
> CC: linux-next@vger•kernel.org
> ---
> drivers/scsi/lpfc/lpfc_els.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c
> index 9a570c15b2a1..42a2bf38eaea 100644
> --- a/drivers/scsi/lpfc/lpfc_els.c
> +++ b/drivers/scsi/lpfc/lpfc_els.c
> @@ -4445,7 +4445,7 @@ lpfc_cmpl_els_rsp(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
> mempool_free(mbox, phba->mbox_mem_pool);
> }
> out:
> - if (ndlp && NLP_CHK_NODE_ACT(ndlp)) {
> + if (ndlp && NLP_CHK_NODE_ACT(ndlp) && shost) {
> spin_lock_irq(shost->host_lock);
> ndlp->nlp_flag &= ~(NLP_ACC_REGLOGIN | NLP_RM_DFLT_RPI);
> spin_unlock_irq(shost->host_lock);
Reviewed-by: Ewan D. Milne <emilne@redhat•com>
prev parent reply other threads:[~2019-11-12 18:30 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20191111230401.12958-1-jsmart2021@gmail.com>
2019-11-11 23:03 ` [PATCH 1/6] lpfc: fix: Coverity: lpfc_get_scsi_buf_s3(): Null pointer dereferences James Smart
2019-11-12 18:30 ` Ewan D. Milne
2019-11-11 23:03 ` [PATCH 2/6] lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): " James Smart
2019-11-12 18:30 ` Ewan D. Milne [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b42a9108ef8c4a17c81e152f9ed0d981c4f1ccdf.camel@redhat.com \
--to=emilne@redhat$(echo .)com \
--cc=James.Bottomley@SteelEye$(echo .)com \
--cc=dick.kennedy@broadcom$(echo .)com \
--cc=gustavo@embeddedor$(echo .)com \
--cc=jsmart2021@gmail$(echo .)com \
--cc=linux-next@vger$(echo .)kernel.org \
--cc=linux-scsi@vger$(echo .)kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox