| From 7319d3de39f5911eba25fc8cf8dcbae791b7f50d Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Mon, 11 Nov 2019 15:03:57 -0800 |
| Subject: scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer |
| dereferences |
| |
| From: James Smart <jsmart2021@gmail.com> |
| |
| [ Upstream commit 6c6d59e0fe5b86cf273d6d744a6a9768c4ecc756 ] |
| |
| Coverity reported the following: |
| |
| *** CID 101747: Null pointer dereferences (FORWARD_NULL) |
| /drivers/scsi/lpfc/lpfc_els.c: 4439 in lpfc_cmpl_els_rsp() |
| 4433 kfree(mp); |
| 4434 } |
| 4435 mempool_free(mbox, phba->mbox_mem_pool); |
| 4436 } |
| 4437 out: |
| 4438 if (ndlp && NLP_CHK_NODE_ACT(ndlp)) { |
| vvv CID 101747: Null pointer dereferences (FORWARD_NULL) |
| vvv Dereferencing null pointer "shost". |
| 4439 spin_lock_irq(shost->host_lock); |
| 4440 ndlp->nlp_flag &= ~(NLP_ACC_REGLOGIN | NLP_RM_DFLT_RPI); |
| 4441 spin_unlock_irq(shost->host_lock); |
| 4442 |
| 4443 /* If the node is not being used by another discovery thread, |
| 4444 * and we are sending a reject, we are done with it. |
| |
| Fix by adding a check for non-null shost in line 4438. |
| The scenario when shost is set to null is when ndlp is null. |
| As such, the ndlp check present was sufficient. But better safe |
| than sorry so add the shost check. |
| |
| Reported-by: coverity-bot <keescook+coverity-bot@chromium.org> |
| Addresses-Coverity-ID: 101747 ("Null pointer dereferences") |
| Fixes: 2e0fef85e098 ("[SCSI] lpfc: NPIV: split ports") |
| |
| CC: James Bottomley <James.Bottomley@SteelEye.com> |
| CC: "Gustavo A. R. Silva" <gustavo@embeddedor.com> |
| CC: linux-next@vger.kernel.org |
| Link: https://lore.kernel.org/r/20191111230401.12958-3-jsmart2021@gmail.com |
| Reviewed-by: Ewan D. Milne <emilne@redhat.com> |
| Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com> |
| Signed-off-by: James Smart <jsmart2021@gmail.com> |
| Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/scsi/lpfc/lpfc_els.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c |
| index 4f4d1b3b3bbc..7398350b08b4 100644 |
| --- a/drivers/scsi/lpfc/lpfc_els.c |
| +++ b/drivers/scsi/lpfc/lpfc_els.c |
| @@ -4110,7 +4110,7 @@ lpfc_cmpl_els_rsp(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb, |
| mempool_free(mbox, phba->mbox_mem_pool); |
| } |
| out: |
| - if (ndlp && NLP_CHK_NODE_ACT(ndlp)) { |
| + if (ndlp && NLP_CHK_NODE_ACT(ndlp) && shost) { |
| spin_lock_irq(shost->host_lock); |
| ndlp->nlp_flag &= ~(NLP_ACC_REGLOGIN | NLP_RM_DFLT_RPI); |
| spin_unlock_irq(shost->host_lock); |
| -- |
| 2.20.1 |
| |