Message ID | 20190522083903.18849-1-colin.king@canonical.com (mailing list archive) |
---|---|
State | Mainlined |
Commit | 36631157eb3ff8b0b359d574452ebb8f81370ec5 |
Series | [next] scsi: hpsa: fix an uninitialized read and dereference of pointer dev |
-----Original Message-----
From: linux-scsi-owner@vger.kernel.org [mailto:linux-scsi-owner@vger.kernel.org] On Behalf Of Colin King
Sent: Wednesday, May 22, 2019 3:39 AM
To: Don Brace <don.brace@microsemi.com>; James E . J . Bottomley <jejb@linux.ibm.com>; Martin K . Petersen <martin.petersen@oracle.com>; esc.storagedev@microsemi.com; linux-scsi@vger.kernel.org
Cc: kernel-janitors@vger.kernel.org; linux-kernel@vger.kernel.org
Subject: [PATCH][next] scsi: hpsa: fix an uninitialized read and dereference of pointer dev

From: Colin Ian King <colin.king@canonical.com>

Currently the check for a lockup_detected failure exits via the label return_reset_status that reads and dereferences an uninitialized pointer dev. Fix this by ensuring dev is initialized to null.

Addresses-Coverity: ("Uninitialized pointer read")
Fixes: 14991a5bade5 ("scsi: hpsa: correct device resets")
Signed-off-by: Colin Ian King <colin.king@canonical.com>

I sent up a similar patch on 5/16, but this is just as good.

Acked-by: Don Brace <don.brace@microsemi.com>

Thanks for your patch.

--- drivers/scsi/hpsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c index c560a4532733..ac8338b0571b 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -5947,7 +5947,7 @@ static int hpsa_eh_device_reset_handler(struct scsi_cmnd *scsicmd) int rc = SUCCESS; int i; struct ctlr_info *h; - struct hpsa_scsi_dev_t *dev; + struct hpsa_scsi_dev_t *dev = NULL; u8 reset_type; char msg[48]; unsigned long flags; -- 2.20.1
On Wed, May 22, 2019 at 09:39:03AM +0100, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> Currently the check for a lockup_detected failure exits via the
> label return_reset_status that reads and dereferences an uninitialized
> pointer dev. Fix this by ensuring dev is initialized to null.
>
> Addresses-Coverity: ("Uninitialized pointer read")
> Fixes: 14991a5bade5 ("scsi: hpsa: correct device resets")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>

Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>

Clang similarly warns about this, hence my identical submission after this, sorry for the noise.

> --- > drivers/scsi/hpsa.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c > index c560a4532733..ac8338b0571b 100644 > --- a/drivers/scsi/hpsa.c > +++ b/drivers/scsi/hpsa.c > @@ -5947,7 +5947,7 @@ static int hpsa_eh_device_reset_handler(struct scsi_cmnd *scsicmd) > int rc = SUCCESS; > int i; > struct ctlr_info *h; > - struct hpsa_scsi_dev_t *dev; > + struct hpsa_scsi_dev_t *dev = NULL; > u8 reset_type; > char msg[48]; > unsigned long flags; > -- > 2.20.1 >
Colin,

> Currently the check for a lockup_detected failure exits via the label
> return_reset_status that reads and dereferences an uninitialized
> pointer dev. Fix this by ensuring dev is initialized to null.

Applied to 5.3/scsi-queue, thanks!
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c index c560a4532733..ac8338b0571b 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -5947,7 +5947,7 @@ static int hpsa_eh_device_reset_handler(struct scsi_cmnd *scsicmd) int rc = SUCCESS; int i; struct ctlr_info *h; - struct hpsa_scsi_dev_t *dev; + struct hpsa_scsi_dev_t *dev = NULL; u8 reset_type; char msg[48]; unsigned long flags;
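
Review bot: Initialising dev to NULL at its declaration in hpsa_eh_device_reset_handler() removes the uninitialized read, but the commit message says the return_reset_status path also dereferences dev, and that code lies outside the context shown in this hunk. Please confirm that the label's code tests dev before dereferencing it, and say so in the commit message; if it does not, the lockup_detected exit would trade an uninitialized-pointer read for a NULL pointer dereference and needs a guard there as well.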