[PATCH] scsi: qla4xxx: Prevent a potential error pointer dereference

Dan Carpenter posted 1 patch 1 month, 3 weeks ago
drivers/scsi/qla4xxx/ql4_os.c | 2 ++
1 file changed, 2 insertions(+)

[PATCH] scsi: qla4xxx: Prevent a potential error pointer dereference
Posted by Dan Carpenter 1 month, 3 weeks ago
The qla4xxx_get_ep_fwdb() function is supposed to return NULL on error,
but qla4xxx_ep_connect() returns error pointers.  Propagating the error
pointers will lead to an Oops in the caller, so change the error
pointers to NULL.

Fixes: 13483730a13b ("[SCSI] qla4xxx: fix flash/ddb support")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
 drivers/scsi/qla4xxx/ql4_os.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
index a39f1da4ce47..a761c0aa5127 100644
--- a/drivers/scsi/qla4xxx/ql4_os.c
+++ b/drivers/scsi/qla4xxx/ql4_os.c
@@ -6606,6 +6606,8 @@ static struct iscsi_endpoint *qla4xxx_get_ep_fwdb(struct scsi_qla_host *ha,
 
 	ep = qla4xxx_ep_connect(ha->host, (struct sockaddr *)dst_addr, 0);
 	vfree(dst_addr);
+	if (IS_ERR(ep))
+		return NULL;
 	return ep;
 }
 
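Review bot: at the new `if (IS_ERR(ep))` check, the error code carried in the pointer returned by qla4xxx_ep_connect() is discarded silently, so once `return NULL;` runs nothing records why the connect failed. Consider logging PTR_ERR(ep) before returning NULL so the failure reason stays visible in the kernel log. Placing the check after vfree(dst_addr) is correct, since dst_addr is then freed on both the error and the success path.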
-- 
2.47.2

Re: [PATCH] scsi: qla4xxx: Prevent a potential error pointer dereference
Posted by Martin K. Petersen 1 month, 2 weeks ago
On Wed, 13 Aug 2025 08:49:08 +0300, Dan Carpenter wrote:

> The qla4xxx_get_ep_fwdb() function is supposed to return NULL on error,
> but qla4xxx_ep_connect() returns error pointers.  Propagating the error
> pointers will lead to an Oops in the caller, so change the error
> pointers to NULL.
> 
> 

Applied to 6.17/scsi-fixes, thanks!

[1/1] scsi: qla4xxx: Prevent a potential error pointer dereference
      https://git.kernel.org/mkp/scsi/c/9dcf111dd3e7

-- 
Martin K. Petersen

Re: [PATCH] scsi: qla4xxx: Prevent a potential error pointer dereference
Posted by Chris Leech 1 month, 3 weeks ago
On Wed, Aug 13, 2025 at 08:49:08AM +0300, Dan Carpenter wrote:
> The qla4xxx_get_ep_fwdb() function is supposed to return NULL on error,
> but qla4xxx_ep_connect() returns error pointers.  Propagating the error
> pointers will lead to an Oops in the caller, so change the error
> pointers to NULL.

Looks right to me.

Reviewed-by: Chris Leech <cleech@redhat.com>

> Fixes: 13483730a13b ("[SCSI] qla4xxx: fix flash/ddb support")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
> ---
>  drivers/scsi/qla4xxx/ql4_os.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
> index a39f1da4ce47..a761c0aa5127 100644
> --- a/drivers/scsi/qla4xxx/ql4_os.c
> +++ b/drivers/scsi/qla4xxx/ql4_os.c
> @@ -6606,6 +6606,8 @@ static struct iscsi_endpoint *qla4xxx_get_ep_fwdb(struct scsi_qla_host *ha,
>  
>  	ep = qla4xxx_ep_connect(ha->host, (struct sockaddr *)dst_addr, 0);
>  	vfree(dst_addr);
> +	if (IS_ERR(ep))
> +		return NULL;
>  	return ep;
>  }
>  
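Review bot: the conversion at `if (IS_ERR(ep))` / `return NULL;` carries no comment, so the differing conventions (qla4xxx_ep_connect() returns error pointers, qla4xxx_get_ep_fwdb() returns NULL on error) are recorded only in the commit message. A one-line comment at the check stating that this function reports failure as NULL would keep a later cleanup from collapsing the two lines back into a bare `return ep;`.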
> -- 
> 2.47.2
>