scsi: csiostor: Fix a possible null-pointer dereference in csio_eh_lun_reset_handler()

[PATCH] scsi: csiostor: Fix a possible null-pointer dereference in csio_eh_lun_reset_handler()

Tuo Li posted 1 patch 1 month, 3 weeks ago

Download mbox

drivers/scsi/csiostor/csio_scsi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Expand all Fold all

[PATCH] scsi: csiostor: Fix a possible null-pointer dereference in csio_eh_lun_reset_handler()

Posted by Tuo Li 1 month, 3 weeks ago

In this function, rn is checked by an if statement. If it is NULL,
execution transfers to the fail label. However, rn may still
be dereferenced later via the following macro:

  CSIO_INC_STATS(rn, n_lun_rst_fail);

To avoid a potential null-pointer dereference, return FAILED directly when
rn is NULL, rather than transferring control to the common fail label.

Signed-off-by: Tuo Li <islituo@gmail.com>
---
 drivers/scsi/csiostor/csio_scsi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/csiostor/csio_scsi.c b/drivers/scsi/csiostor/csio_scsi.c
index 34bde6650fae..feb1a9a9390b 100644
--- a/drivers/scsi/csiostor/csio_scsi.c
+++ b/drivers/scsi/csiostor/csio_scsi.c
@@ -2074,7 +2074,7 @@ csio_eh_lun_reset_handler(struct scsi_cmnd *cmnd)
 	struct csio_scsi_level_data sld;
 
 	if (!rn)
-		goto fail;
+		return FAILED;
 
 	csio_dbg(hw, "Request to reset LUN:%llu (ssni:0x%x tgtid:%d)\n",
 		      cmnd->device->lun, rn->flowid, rn->scsi_id);
-- 
2.43.0