From patchwork Wed Nov 18 13:18:09 2015
X-Patchwork-Submitter: Maurizio Lombardi
X-Patchwork-Id: 7648741
From: Maurizio Lombardi To: Kai.Makisara@kolumbus.fi Cc: linux-scsi@vger.kernel.org, James.Bottomley@HansenPartnership.com Subject: [PATCH] st: fix potential null pointer dereference. Date: Wed, 18 Nov 2015 14:18:09 +0100 Message-Id: <1447852689-28736-1-git-send-email-mlombard@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 Sender: linux-scsi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org X-Spam-Status: No, score=-7.5 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP If cdev_add() returns an error, the code calls cdev_del() passing the STm->cdevs[rew] pointer as parameter; the problem is that the pointer has not been initialized yet. This patch fixes the problem by moving the STm->cdevs[rew] pointer initialization before the call to cdev_add(). It also sets STm->devs[rew] = NULL if device_create() fails, just to be sure we won't end up calling device_unregister() with an invalid pointer. Signed-off-by: Maurizio Lombardi --- drivers/scsi/st.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/st.c b/drivers/scsi/st.c index e0a1e52..dff3bdb 100644 --- a/drivers/scsi/st.c +++ b/drivers/scsi/st.c @@ -4083,6 +4083,7 @@ static int create_one_cdev(struct scsi_tape *tape, int mode, int rew) } cdev->owner = THIS_MODULE; cdev->ops = &st_fops; + STm->cdevs[rew] = cdev; error = cdev_add(cdev, cdev_devno, 1); if (error) { @@ -4091,7 +4092,6 @@ static int create_one_cdev(struct scsi_tape *tape, int mode, int rew) pr_err("st%d: Device not attached.\n", dev_num); goto out_free; } - STm->cdevs[rew] = cdev; i = mode << (4 - ST_NBR_MODE_BITS); snprintf(name, 10, "%s%s%s", rew ? "n" : "", 
@@ -4102,6 +4102,7 @@ static int create_one_cdev(struct scsi_tape *tape, int mode, int rew) if (IS_ERR(dev)) { pr_err("st%d: device_create failed\n", dev_num); error = PTR_ERR(dev); + STm->devs[rew] = NULL; goto out_free; }
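Review bot: In the hunk at -4083, storing cdev in STm->cdevs[rew] before cdev_add() has returned means the slot holds a character device that was never added whenever the goto out_free is taken. The local cdev is still in scope at that goto, so the cleanup could call cdev_del(cdev) directly and the assignment could stay after the error check. If the early assignment is kept, please confirm that out_free (not shown in this diff) resets STm->cdevs[rew] to NULL after cdev_del(), so no later teardown sees the stale pointer. The subject also says "null pointer dereference" while the description refers to a pointer that "has not been initialized yet"; one of the two should be adjusted to match.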
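Review bot: In the hunk at -4102, STm->devs[rew] = NULL is set on the IS_ERR(dev) branch, but in the lines shown the device_create() result is only held in the local dev, so nothing visible has written to that slot by this point. The description justifies the line as "just to be sure"; please state what value STm->devs[rew] can hold here (for example, whether the array is zeroed at allocation), so it is clear whether this closes a real path to device_unregister() or is redundant. If it stays as a defensive reset, a one-line comment saying so would help.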