Commit 6f23f8c5 authored by James Smart's avatar James Smart Committed by Martin K. Petersen

scsi: lpfc: fix: Coverity: lpfc_get_scsi_buf_s3(): Null pointer dereferences

Coverity reported the following:

*** CID 1487391:  Null pointer dereferences  (FORWARD_NULL)
/drivers/scsi/lpfc/lpfc_scsi.c: 614 in lpfc_get_scsi_buf_s3()
608     		spin_unlock(&phba->scsi_buf_list_put_lock);
609     	}
610     	spin_unlock_irqrestore(&phba->scsi_buf_list_get_lock, iflag);
611
612     	if (lpfc_ndlp_check_qdepth(phba, ndlp)) {
613     		atomic_inc(&ndlp->cmd_pending);
vvv     CID 1487391:  Null pointer dereferences  (FORWARD_NULL)
vvv     Dereferencing null pointer "lpfc_cmd".
614     		lpfc_cmd->flags |= LPFC_SBUF_BUMP_QDEPTH;
615     	}
616     	return  lpfc_cmd;
617     }
618     /**
619      * lpfc_get_scsi_buf_s4 - Get a scsi buffer from io_buf_list of the HBA

Fix by checking lpfc_cmd to be non-NULL as part of line 612
Reported-by: default avatarcoverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1487391 ("Null pointer dereferences")
Fixes: 2a5b7d62 ("scsi: lpfc: Limit tracking of tgt queue depth in fast path")

CC: "Martin K. Petersen" <martin.petersen@oracle.com>
CC: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
CC: linux-next@vger.kernel.org
Link: https://lore.kernel.org/r/20191111230401.12958-2-jsmart2021@gmail.comReviewed-by: default avatarEwan D. Milne <emilne@redhat.com>
Signed-off-by: default avatarDick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: default avatarJames Smart <jsmart2021@gmail.com>
Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
parent 6979e56c
...@@ -611,7 +611,7 @@ lpfc_get_scsi_buf_s3(struct lpfc_hba *phba, struct lpfc_nodelist *ndlp, ...@@ -611,7 +611,7 @@ lpfc_get_scsi_buf_s3(struct lpfc_hba *phba, struct lpfc_nodelist *ndlp,
} }
spin_unlock_irqrestore(&phba->scsi_buf_list_get_lock, iflag); spin_unlock_irqrestore(&phba->scsi_buf_list_get_lock, iflag);
if (lpfc_ndlp_check_qdepth(phba, ndlp)) { if (lpfc_ndlp_check_qdepth(phba, ndlp) && lpfc_cmd) {
atomic_inc(&ndlp->cmd_pending); atomic_inc(&ndlp->cmd_pending);
lpfc_cmd->flags |= LPFC_SBUF_BUMP_QDEPTH; lpfc_cmd->flags |= LPFC_SBUF_BUMP_QDEPTH;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment