From patchwork Fri Jul 28 12:35:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexandra Diupina X-Patchwork-Id: 127635 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp433428vqg; Fri, 28 Jul 2023 06:26:18 -0700 (PDT) X-Google-Smtp-Source: APBJJlHhDKpgujOR15AfAoItvp6509o+dXo8gV/bFLwGxJkgS+FCP0uob3y7IuiQDZ93FbgfX+ct X-Received: by 2002:a05:6a20:96c9:b0:12d:d615:9279 with SMTP id hq9-20020a056a2096c900b0012dd6159279mr1377076pzc.25.1690550778296; Fri, 28 Jul 2023 06:26:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690550778; cv=none; d=google.com; s=arc-20160816; b=DQYx8JqYYMmhMSH+NeoI6V5jrcVyqXbpbPDdcjZpPsMraW9glcd26susHexjLW30os G8dvpiZUJNk2sX7gjWgrkBZOwdUQlCD4dXX8wSxdxG3bdxG5i9NTbKEoWeCMuxi/rIl6 WMVsyMnZOlSyAZ16Vs4+uX59TtnZ6ysX+LWAJCsi7v5DbfnfDKFOPOtcIeIHvon+YPgs djJfuhFrFnJ0DjkBG2YR0GsvS/bbPBl45G+T/Y2gNj+yGxtq20QHI3WAfzWxhDwI+x0b 3bqhaDt/svHr54gfJe11vFjaiLIzNh0z5QWt/GN5dMNoW8tFeV8ohfLsJzlCMhEnR+7p n4NA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=InN8etamFDQpgtoizTV42lrbyG47f4mdPyxtUzDIR1U=; fh=mZS8HZFU7gN9SBjBWyLh338q0VxeOSiALv0upet84Q8=; b=rITK1CaqRr5XU+wsbXARfsd7sQEpOYtr/moJh98ZwckpSCEvHGxrIQjR9mlG2rsmM6 HwthFgfbHVQBmO7remucH8CTeVRu3QtT1/GzXIptryH5M2u6X0P5vJGSIqXqCdkwJiD8 NYMp+BvbEpb7Ve1oolu0O/+0/SEhPAsYefD7jpUKIEawTHCATYI64r9/AQKwPD4mpaxd 1fibF9KXRaDeyOEovqCC/O6+iPce7cR/wMwQmJ2ol48X+oLQuoXaWRmszP7nP1LxN1nx 2kXma93hQgxFxsImJSsePbc6k+QBLpmwJ15M3yD8teGPBDYmSW371HY3TB9ADP7r8ulI dV/w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u11-20020a6540cb000000b005640a32d25esi2363016pgp.517.2023.07.28.06.26.00; Fri, 28 Jul 2023 06:26:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236226AbjG1Mfk (ORCPT + 99 others); Fri, 28 Jul 2023 08:35:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50122 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232155AbjG1Mfj (ORCPT ); Fri, 28 Jul 2023 08:35:39 -0400 Received: from mail.astralinux.ru (mail.astralinux.ru [217.74.38.119]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8EBF319A7; Fri, 28 Jul 2023 05:35:37 -0700 (PDT) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.astralinux.ru (Postfix) with ESMTP id E9F3B18679AA; Fri, 28 Jul 2023 15:35:33 +0300 (MSK) Received: from mail.astralinux.ru ([127.0.0.1]) by localhost (rbta-msk-vsrv-mail01.astralinux.ru [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 6ve81zsREcdP; Fri, 28 Jul 2023 15:35:33 +0300 (MSK) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.astralinux.ru (Postfix) with ESMTP id 96FB31867928; Fri, 28 Jul 2023 15:35:33 +0300 (MSK) X-Virus-Scanned: amavisd-new at astralinux.ru Received: from mail.astralinux.ru ([127.0.0.1]) by localhost (rbta-msk-vsrv-mail01.astralinux.ru [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 5TaoK-WC4Lub; Fri, 28 Jul 2023 15:35:33 +0300 (MSK) Received: from rbta-msk-lt-302690.astralinux.ru (unknown [10.177.233.185]) by mail.astralinux.ru (Postfix) with ESMTPSA id B67FC18655F1; Fri, 28 Jul 2023 15:35:32 +0300 (MSK) From: Alexandra Diupina To: "James E.J. Bottomley" Cc: Alexandra Diupina , "Martin K. Petersen" , linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org, Vladimir Telezhnikov Subject: [PATCH v2] 53c700: add 'slot' check to NULL Date: Fri, 28 Jul 2023 15:35:21 +0300 Message-Id: <20230728123521.18293-1-adiupina@astralinux.ru> X-Mailer: git-send-email 2.30.2 In-Reply-To: <7e4c7af1adbfa91d05259ae65cade66521c3b182.camel@HansenPartnership.com> References: MIME-Version: 1.0 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772593599813163733 X-GMAIL-MSGID: 1772670972806261661 Add a 'slot' check for a null value to avoid dereferencing the null pointer Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Co-developed-by: Vladimir Telezhnikov Signed-off-by: Vladimir Telezhnikov Signed-off-by: Alexandra Diupina --- v2: Move the 'slot' variable check to an existing if-else expression as James E.J. Bottomley suggested drivers/scsi/53c700.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/53c700.c b/drivers/scsi/53c700.c index e1e4f9d10887..857be0f3ae5b 100644 --- a/drivers/scsi/53c700.c +++ b/drivers/scsi/53c700.c @@ -1598,7 +1598,7 @@ NCR_700_intr(int irq, void *dev_id) printk("scsi%d (%d:%d) PHASE MISMATCH IN SEND MESSAGE %d remain, return %p[%04x], phase %s\n", host->host_no, pun, lun, count, (void *)temp, temp - hostdata->pScript, sbcl_to_string(NCR_700_readb(host, SBCL_REG))); #endif resume_offset = hostdata->pScript + Ent_SendMessagePhaseMismatch; - } else if(dsp >= to32bit(&slot->pSG[0].ins) && + } else if (slot && dsp >= to32bit(&slot->pSG[0].ins) && dsp <= to32bit(&slot->pSG[NCR_700_SG_SEGMENTS].ins)) { int data_transfer = NCR_700_readl(host, DBC_REG) & 0xffffff; int SGcount = (dsp - to32bit(&slot->pSG[0].ins))/sizeof(struct NCR_700_SG_List);