From 6f23f8c5c9f1be4eb17c035129c80e49000c18a7 Mon Sep 17 00:00:00 2001 From: James Smart Date: Mon, 11 Nov 2019 15:03:56 -0800 Subject: [PATCH] scsi: lpfc: fix: Coverity: lpfc_get_scsi_buf_s3(): Null pointer dereferences Coverity reported the following: *** CID 1487391: Null pointer dereferences (FORWARD_NULL) /drivers/scsi/lpfc/lpfc_scsi.c: 614 in lpfc_get_scsi_buf_s3() 608 spin_unlock(&phba->scsi_buf_list_put_lock); 609 } 610 spin_unlock_irqrestore(&phba->scsi_buf_list_get_lock, iflag); 611 612 if (lpfc_ndlp_check_qdepth(phba, ndlp)) { 613 atomic_inc(&ndlp->cmd_pending); vvv CID 1487391: Null pointer dereferences (FORWARD_NULL) vvv Dereferencing null pointer "lpfc_cmd". 614 lpfc_cmd->flags |= LPFC_SBUF_BUMP_QDEPTH; 615 } 616 return lpfc_cmd; 617 } 618 /** 619 * lpfc_get_scsi_buf_s4 - Get a scsi buffer from io_buf_list of the HBA Fix by checking lpfc_cmd to be non-NULL as part of line 612 Reported-by: coverity-bot Addresses-Coverity-ID: 1487391 ("Null pointer dereferences") Fixes: 2a5b7d626ed2 ("scsi: lpfc: Limit tracking of tgt queue depth in fast path") CC: "Martin K. Petersen" CC: "Gustavo A. R. Silva" CC: linux-next@vger.kernel.org Link: https://lore.kernel.org/r/20191111230401.12958-2-jsmart2021@gmail.com Reviewed-by: Ewan D. Milne Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen --- drivers/scsi/lpfc/lpfc_scsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c index 959ef471d758..ba26df90a36a 100644 --- a/drivers/scsi/lpfc/lpfc_scsi.c +++ b/drivers/scsi/lpfc/lpfc_scsi.c @@ -611,7 +611,7 @@ lpfc_get_scsi_buf_s3(struct lpfc_hba *phba, struct lpfc_nodelist *ndlp, } spin_unlock_irqrestore(&phba->scsi_buf_list_get_lock, iflag); - if (lpfc_ndlp_check_qdepth(phba, ndlp)) { + if (lpfc_ndlp_check_qdepth(phba, ndlp) && lpfc_cmd) { atomic_inc(&ndlp->cmd_pending); lpfc_cmd->flags |= LPFC_SBUF_BUMP_QDEPTH; } -- 2.11.0