Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp626234pxj;
        Thu, 3 Jun 2021 15:27:52 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJz/M2MrhkewAV+PV0/ed0VgVqYfYxRYZZQwY0YPFz93Jgr7D73tr/XKGdYEhVqtWwJQwxsV
X-Received: by 2002:a17:906:49c8:: with SMTP id w8mr1297712ejv.497.1622759272675;
        Thu, 03 Jun 2021 15:27:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1622759272; cv=none;
        d=google.com; s=arc-20160816;
        b=BiDdV4yPGDDhqgpChvl3CBxiujFUxS0lve4rk1uCd8ld5Qovy93JCfWpcV+61+5Rb3
         NP6dsFh9bSyYfTGBitFaixc6KTffaTEMKBHWv53NYhwFyfVk0juU9tP5ZcZIrSgtLDRM
         MlLG8SKPdlstjoREdZj1lYRhl1YnMXnMmQk7TdoKTCQ5JG36K74R5iY+UerLjnPvaOsE
         GKJe+svq8l6PywBToWjWvXDWk9HHPPRS21HPsrYneBFbt2i1jBMen9u7KvsvAQ/F/1iA
         d95EnklTW87Y1vxWNRC94TVQvY+zR/pxT3oay00TNXtLrefiKRUudP7p23qDd8KOLs5s
         wD2g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :mime-version:user-agent:date:message-id:subject:from:cc:to;
        bh=qsNcLMC6UzuoVriJJjT0lW5TlR9epJ19lpf2o7Oq350=;
        b=Bu0E6zWMQaiQAiWrx0TjwafdBAKXbbhUf/uO9XndO4eu4S1/SlSuzaeD0TNb4yTAUF
         6krHDzE6UcwCPNKfXxa1LzGRi187KnWt6SSXEO+jCpHLGUcxWabzdZOdN30bB8UmAr4R
         OBScXvsqrUlv9rGWnf2dwFGiw3UC6/H9e+OGeLnWWf82dZ4xY45UKCBirmyM7viyPg9K
         k+CIxFxmPCWl3JqSaPCT30FlgWy6UKY7PFXV0YKgcB/AkrBfPYckZl9J3gZrcFAydd0M
         GUjhfY8tp3Xgnw74fyw5kCxSH4gekcS3rAtgmc6+cwl9NT820jnArhDWpgzv9EMJL1Ea
         Dp9g==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id bm25si3065000edb.202.2021.06.03.15.27.28;
        Thu, 03 Jun 2021 15:27:52 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230217AbhFCW0x (ORCPT <rfc822;luming.yu@gmail.com> + 99 others);
        Thu, 3 Jun 2021 18:26:53 -0400
Received: from youngberry.canonical.com ([91.189.89.112]:53257 "EHLO
        youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229620AbhFCW0w (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 3 Jun 2021 18:26:52 -0400
Received: from 1.general.cking.uk.vpn ([10.172.193.212])
        by youngberry.canonical.com with esmtpsa  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        (Exim 4.93)
        (envelope-from <colin.king@canonical.com>)
        id 1lovly-00033Z-H7; Thu, 03 Jun 2021 22:25:06 +0000
To:     Mike Christie <michael.christie@oracle.com>
Cc:     Lee Duncan <lduncan@suse.com>,
        "Martin K. Petersen" <martin.petersen@oracle.com>,
        "linux-scsi@vger.kernel.org" <linux-scsi@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
From:   Colin Ian King <colin.king@canonical.com>
Subject: re: scsi: iscsi: Drop suspend calls from ep_disconnect
Message-ID: <c429f1a3-348d-2cc4-7652-68ea4a63067e@canonical.com>
Date:   Thu, 3 Jun 2021 23:25:06 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.8.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

Static analysis on linux-next with Coverity has found an issue in
drivers/scsi/qedi/qedi_iscsi.c with the following commit:

commit 27e986289e739d08c1a4861cc3d3ec9b3a60845e
Author: Mike Christie <michael.christie@oracle.com>
Date:   Tue May 25 13:17:56 2021 -0500

    scsi: iscsi: Drop suspend calls from ep_disconnect

The analysis is as follows:

1662 void qedi_clear_session_ctx(struct iscsi_cls_session *cls_sess)
1663 {
1664        struct iscsi_session *session = cls_sess->dd_data;
1665        struct iscsi_conn *conn = session->leadconn;

    deref_ptr: Directly dereferencing pointer conn.

1666        struct qedi_conn *qedi_conn = conn->dd_data;
1667
1668        if (iscsi_is_session_online(cls_sess)) {
   Dereference before null check (REVERSE_INULL)
   check_after_deref: Null-checking conn suggests that it may be null,
but it has already been dereferenced on all paths leading to the check.

1669                if (conn)
1670                        iscsi_suspend_queue(conn);
1671                qedi_ep_disconnect(qedi_conn->iscsi_ep);
1672        }

Pointer conn is being checked to see if it is null, but earlier it has
been dereferenced on the assignment of qedi_conn.  So either conn will
be null at some point and a null ptr dereference occurs when qedi_conn
is assigned, or conn can never be null and the conn null check is
redundant and can be removed.

Colin