2019-05-22 08:41:36

by Colin King

Subject: [PATCH][next] scsi: hpsa: fix an uninitialized read and dereference of pointer dev

From: Colin Ian King <[email protected]>

Currently the check for a lockup_detected failure exits via the
label return_reset_status that reads and dereferences an uninitialized
pointer dev. Fix this by ensuring dev is initialized to null.

Addresses-Coverity: ("Uninitialized pointer read")
Fixes: 14991a5bade5 ("scsi: hpsa: correct device resets")
Signed-off-by: Colin Ian King <[email protected]>
---
drivers/scsi/hpsa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
index c560a4532733..ac8338b0571b 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -5947,7 +5947,7 @@ static int hpsa_eh_device_reset_handler(struct scsi_cmnd *scsicmd)
int rc = SUCCESS;
int i;
struct ctlr_info *h;
- struct hpsa_scsi_dev_t *dev;
+ struct hpsa_scsi_dev_t *dev = NULL;
u8 reset_type;
char msg[48];
unsigned long flags;
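
Review bot: The "= NULL" initializer on dev removes the uninitialized read, but the commit message says the return_reset_status label also dereferences dev, and nothing in this hunk shows that path testing dev before using it. Please confirm that the code at return_reset_status guards the access (for example with "if (dev)") when it is reached from the lockup_detected exit, and state that in the commit message; without such a guard the early exit trades an uninitialized dereference for a NULL dereference.
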
--
2.20.1


2019-05-23 15:27:30

by Don Brace

Subject: RE: [PATCH][next] scsi: hpsa: fix an uninitialized read and dereference of pointer dev

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Colin King
Sent: Wednesday, May 22, 2019 3:39 AM
To: Don Brace <[email protected]>; James E . J . Bottomley <[email protected]>; Martin K . Petersen <[email protected]>; [email protected]; [email protected]
Cc: [email protected]; [email protected]
Subject: [PATCH][next] scsi: hpsa: fix an uninitialized read and dereference of pointer dev

From: Colin Ian King <[email protected]>

Currently the check for a lockup_detected failure exits via the label return_reset_status that reads and dereferences an uninitialized pointer dev. Fix this by ensuring dev is initialized to null.

Addresses-Coverity: ("Uninitialized pointer read")
Fixes: 14991a5bade5 ("scsi: hpsa: correct device resets")
Signed-off-by: Colin Ian King <[email protected]>

I sent up a similar patch on 5/16, but this is just as good.
Acked-by: Don Brace <[email protected]>

Thanks for your patch.

---
drivers/scsi/hpsa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c index c560a4532733..ac8338b0571b 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -5947,7 +5947,7 @@ static int hpsa_eh_device_reset_handler(struct scsi_cmnd *scsicmd)
int rc = SUCCESS;
int i;
struct ctlr_info *h;
- struct hpsa_scsi_dev_t *dev;
+ struct hpsa_scsi_dev_t *dev = NULL;
u8 reset_type;
char msg[48];
unsigned long flags;
--
2.20.1

2019-05-23 15:37:29

by Nathan Chancellor

Subject: Re: [PATCH][next] scsi: hpsa: fix an uninitialized read and dereference of pointer dev

On Wed, May 22, 2019 at 09:39:03AM +0100, Colin King wrote:
> From: Colin Ian King <[email protected]>
>
> Currently the check for a lockup_detected failure exits via the
> label return_reset_status that reads and dereferences an uninitialized
> pointer dev. Fix this by ensuring dev is initialized to null.
>
> Addresses-Coverity: ("Uninitialized pointer read")
> Fixes: 14991a5bade5 ("scsi: hpsa: correct device resets")
> Signed-off-by: Colin Ian King <[email protected]>

Reviewed-by: Nathan Chancellor <[email protected]>

Clang similarly warns about this, hence my identical submission after
this, sorry for the noise.

> ---
> drivers/scsi/hpsa.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
> index c560a4532733..ac8338b0571b 100644
> --- a/drivers/scsi/hpsa.c
> +++ b/drivers/scsi/hpsa.c
> @@ -5947,7 +5947,7 @@ static int hpsa_eh_device_reset_handler(struct scsi_cmnd *scsicmd)
> int rc = SUCCESS;
> int i;
> struct ctlr_info *h;
> - struct hpsa_scsi_dev_t *dev;
> + struct hpsa_scsi_dev_t *dev = NULL;
> u8 reset_type;
> char msg[48];
> unsigned long flags;
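
Review bot: Initializing dev at its declaration silences the Coverity and Clang uninitialized-use reports for every path through hpsa_eh_device_reset_handler(), not only the lockup_detected exit, so a later early exit added before dev is assigned would no longer be flagged. A short comment on the declaration saying that NULL is the value the return_reset_status path expects when no device has been looked up yet would keep that contract visible to whoever edits the function next.
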
> --
> 2.20.1
>

2019-05-30 01:57:28

by Martin K. Petersen

Subject: Re: [PATCH][next] scsi: hpsa: fix an uninitialized read and dereference of pointer dev


Colin,

> Currently the check for a lockup_detected failure exits via the label
> return_reset_status that reads and dereferences an uninitialized
> pointer dev. Fix this by ensuring dev is initialized to null.

Applied to 5.3/scsi-queue, thanks!

--
Martin K. Petersen Oracle Linux Engineering