The Coverity checker spotted this obvious NULL pointer dereference.
Signed-off-by: Adrian Bunk <[email protected]>
---
drivers/scsi/dpt_i2o.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--- linux-2.6.15-rc1-mm2-full/drivers/scsi/dpt_i2o.c.old 2005-11-20 22:13:37.000000000 +0100
+++ linux-2.6.15-rc1-mm2-full/drivers/scsi/dpt_i2o.c 2005-11-20 22:16:57.000000000 +0100
@@ -816,7 +816,7 @@
static void adpt_i2o_sys_shutdown(void)
{
adpt_hba *pHba, *pNext;
- struct adpt_i2o_post_wait_data *p1, *p2;
+ struct adpt_i2o_post_wait_data *p1, *old;
printk(KERN_INFO"Shutting down Adaptec I2O controllers.\n");
printk(KERN_INFO" This could take a few minutes if there are many devices attached\n");
@@ -830,13 +830,14 @@
}
/* Remove any timedout entries from the wait queue. */
- p2 = NULL;
// spin_lock_irqsave(&adpt_post_wait_lock, flags);
/* Nothing should be outstanding at this point so just
* free them
*/
- for(p1 = adpt_post_wait_queue; p1; p2 = p1, p1 = p2->next) {
- kfree(p1);
+ for(p1 = adpt_post_wait_queue; p1;) {
+ old = p1;
+ p1 = p1->next;
+ kfree(old);
}
// spin_unlock_irqrestore(&adpt_post_wait_lock, flags);
adpt_post_wait_queue = NULL;
Please send these again to the stable@ address when they have been
accepted into upstream.
thanks,
greg k-h
Cool, good catch. The driver can make a call to this function at runtime
when performing error recovery, not just at driver unload. Applied to
Adaptec Branch of this driver.
Sincerely -- Mark Salyzyn
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Adrian Bunk
Sent: Sunday, November 20, 2005 6:01 PM
To: [email protected]; [email protected]
Cc: [email protected]; [email protected];
[email protected]
Subject: [2.6 patch] drivers/scsi/dpt_i2o.c: fix a NULL pointer
dereference
The Coverity checker spotted this obvious NULL pointer dereference.
Signed-off-by: Adrian Bunk <[email protected]>
---
drivers/scsi/dpt_i2o.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--- linux-2.6.15-rc1-mm2-full/drivers/scsi/dpt_i2o.c.old
2005-11-20 22:13:37.000000000 +0100
+++ linux-2.6.15-rc1-mm2-full/drivers/scsi/dpt_i2o.c 2005-11-20
22:16:57.000000000 +0100
@@ -816,7 +816,7 @@
static void adpt_i2o_sys_shutdown(void)
{
adpt_hba *pHba, *pNext;
- struct adpt_i2o_post_wait_data *p1, *p2;
+ struct adpt_i2o_post_wait_data *p1, *old;
printk(KERN_INFO"Shutting down Adaptec I2O controllers.\n");
printk(KERN_INFO" This could take a few minutes if there are
many devices attached\n");
@@ -830,13 +830,14 @@
}
/* Remove any timedout entries from the wait queue. */
- p2 = NULL;
// spin_lock_irqsave(&adpt_post_wait_lock, flags);
/* Nothing should be outstanding at this point so just
* free them
*/
- for(p1 = adpt_post_wait_queue; p1; p2 = p1, p1 = p2->next) {
- kfree(p1);
+ for(p1 = adpt_post_wait_queue; p1;) {
+ old = p1;
+ p1 = p1->next;
+ kfree(old);
}
// spin_unlock_irqrestore(&adpt_post_wait_lock, flags);
adpt_post_wait_queue = NULL;