From: James Smart <jsmart2021@gmail.com>
Date: Mon, 11 Nov 2019 15:03:56 -0800
Subject: [PATCH] scsi: lpfc: fix: Coverity: lpfc_get_scsi_buf_s3(): Null
Git-commit: 6f23f8c5c9f1be4eb17c035129c80e49000c18a7
Patch-mainline: v5.5-rc1
References: bsc#1156632,jsc#SLE-8654
pointer dereferences
Coverity reported the following:
*** CID 1487391: Null pointer dereferences (FORWARD_NULL)
/drivers/scsi/lpfc/lpfc_scsi.c: 614 in lpfc_get_scsi_buf_s3()
608 spin_unlock(&phba->scsi_buf_list_put_lock);
609 }
610 spin_unlock_irqrestore(&phba->scsi_buf_list_get_lock, iflag);
611
612 if (lpfc_ndlp_check_qdepth(phba, ndlp)) {
613 atomic_inc(&ndlp->cmd_pending);
vvv CID 1487391: Null pointer dereferences (FORWARD_NULL)
vvv Dereferencing null pointer "lpfc_cmd".
614 lpfc_cmd->flags |= LPFC_SBUF_BUMP_QDEPTH;
615 }
616 return lpfc_cmd;
617 }
618 /**
619 * lpfc_get_scsi_buf_s4 - Get a scsi buffer from io_buf_list of the HBA
Fix by checking lpfc_cmd to be non-NULL as part of line 612
Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1487391 ("Null pointer dereferences")
Fixes: 2a5b7d626ed2 ("scsi: lpfc: Limit tracking of tgt queue depth in fast path")
CC: "Martin K. Petersen" <martin.petersen@oracle.com>
CC: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
CC: linux-next@vger.kernel.org
Link: https://lore.kernel.org/r/20191111230401.12958-2-jsmart2021@gmail.com
Reviewed-by: Ewan D. Milne <emilne@redhat.com>
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Acked-by: Hannes Reinecke <hare@suse.com>
---
drivers/scsi/lpfc/lpfc_scsi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c
index 959ef471d758..ba26df90a36a 100644
--- a/drivers/scsi/lpfc/lpfc_scsi.c
+++ b/drivers/scsi/lpfc/lpfc_scsi.c
@@ -611,7 +611,7 @@ lpfc_get_scsi_buf_s3(struct lpfc_hba *phba, struct lpfc_nodelist *ndlp,
}
spin_unlock_irqrestore(&phba->scsi_buf_list_get_lock, iflag);
- if (lpfc_ndlp_check_qdepth(phba, ndlp)) {
+ if (lpfc_ndlp_check_qdepth(phba, ndlp) && lpfc_cmd) {
atomic_inc(&ndlp->cmd_pending);
lpfc_cmd->flags |= LPFC_SBUF_BUMP_QDEPTH;
}
--
2.16.4