Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3537130pxb; Mon, 24 Jan 2022 11:41:08 -0800 (PST) X-Google-Smtp-Source: ABdhPJxlpPfkNl4QRa7443z+wvhZAzvHoIzBFDd6BGC3j/y6bWFZQWztpEbGkgIWzqEh7zGshXCi X-Received: by 2002:a17:902:aa49:b0:14a:c390:a44b with SMTP id c9-20020a170902aa4900b0014ac390a44bmr16226019plr.11.1643053268010; Mon, 24 Jan 2022 11:41:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643053268; cv=none; d=google.com; s=arc-20160816; b=RyYwjfePuXGUy9u5MR2JwdOH/BfBREAAk6KRqD2RmadX4N3Zct6hH6DotvJMRIw8mu vI3mIyEmlBd+FIA+atHInB8RtVAraZlexzQpl3Xjl6y8TPOh3usCg4onRgfvbBYKLwRx 9394T2JIfgIZHMcXqP+t+CeDdxgy62WeNhc9nbskjIda0pFH6L09rxvL6m4ckDNY3eEw BhBBSDL/BnKdwDD3w0hgDE+tjOIjd9RWO6MBCgAhxaui7ZPaE8efn7G4VLmoPf65N+ru 9Z/un5fcOiGn0Bl8VsZPZymSP3n/m5qP19rABjdR5j0Di5yEDr4oFzvFTvHUQc2Hs++U 20Jw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature:dkim-filter :dmarc-filter; bh=vF2fJlNmkwltSc0OR3AIOEuqnVr6sggA/rInxG0v7nA=; b=w8mZM/Q92ASP75wQNoS6x54mrM/0VI8XCnkTl9/dx1V/yyQlMFrbIxZ8JqmA8Tg8C7 sEJarF2ILlXdVbzpKSaujF1vPSFyqVZxHpbtYr0fkiCPc/hYYPwJhFpsS83cn4qcFgJU pHrATa/zan59v4jHDH4YQDdcasfw39FdHf+5CG2xFKO9FNY9tcIAogJyjXcK4C0/lpL+ QEZbve5agpdK9URnasZd/ClxvJLiJlXPvmV1FCou8fPRTCTSQThuS8kkF7oblLmmJSL9 CtE58K7k2OQfLv2BOZc3CXIkqq0oWeqWuLihmpnkSgW5Y2FGHOByUj7RylN84AqBxwvq iwZw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@umn.edu header.s=google header.b=Yf8BnyP7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=umn.edu Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u10si4451837pfk.192.2022.01.24.11.40.55; Mon, 24 Jan 2022 11:41:07 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@umn.edu header.s=google header.b=Yf8BnyP7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=umn.edu Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240948AbiAXRWg (ORCPT + 99 others); Mon, 24 Jan 2022 12:22:36 -0500 Received: from mta-p7.oit.umn.edu ([134.84.196.207]:50060 "EHLO mta-p7.oit.umn.edu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240257AbiAXRWg (ORCPT ); Mon, 24 Jan 2022 12:22:36 -0500 Received: from localhost (unknown [127.0.0.1]) by mta-p7.oit.umn.edu (Postfix) with ESMTP id 4JjGyM4z18z9vCBS for ; Mon, 24 Jan 2022 17:22:35 +0000 (UTC) X-Virus-Scanned: amavisd-new at umn.edu Received: from mta-p7.oit.umn.edu ([127.0.0.1]) by localhost (mta-p7.oit.umn.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GsEAzjtjryDo for ; Mon, 24 Jan 2022 11:22:35 -0600 (CST) Received: from mail-pf1-f199.google.com (mail-pf1-f199.google.com [209.85.210.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mta-p7.oit.umn.edu (Postfix) with ESMTPS id 4JjGyM2ybtz9vCBX for ; Mon, 24 Jan 2022 11:22:35 -0600 (CST) DMARC-Filter: OpenDMARC Filter v1.3.2 mta-p7.oit.umn.edu 4JjGyM2ybtz9vCBX DKIM-Filter: OpenDKIM Filter v2.11.0 mta-p7.oit.umn.edu 4JjGyM2ybtz9vCBX Received: by mail-pf1-f199.google.com with SMTP id u80-20020a627953000000b004c82105f20dso2670272pfc.11 for ; Mon, 24 Jan 2022 09:22:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umn.edu; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=vF2fJlNmkwltSc0OR3AIOEuqnVr6sggA/rInxG0v7nA=; b=Yf8BnyP70J3zZ+qyndL20aJT2U8I9ToajN4PBdtxQasG/aAXHhRCIg0jRGBqS6fQY8 RtQMY8TaJ791JxjlCUR5zTpYwO0MWe55lkNuhSq0L0JEm9zLtA5GlI1Ia/ascECJtlpa qojMzEpxA8KgJ19GjWWArLyNjVtsoBXaYsfT9fJw/Ukez7878s1JvJjGshReJ3df4S2/ PNAsPZAMyj4R5T5Va3FhueenTt7XAfdMwQjdznznQ5hKoOFk/gy3qiAbvTbKtKLB8X1Y DLK73a5L+rj+jPDXgr8XQwqGRXbcAAfIpLHIJMEdl8Z7acX4QrVdPymIt5OeAWAYVFFE YDsw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=vF2fJlNmkwltSc0OR3AIOEuqnVr6sggA/rInxG0v7nA=; b=AkLJI+7Isujua6GBMtFl6m/ZVlrR26huVFtZPOi4ig38nfL8oiHjboxhGOeoJNYWtI vY6bBvPwCycLSGZNqG4G6MJ11I1gjDVU9Kdx+WeNyfsVvo6Dpyju+YSOIIv6HAv1ORgp 3y7/XHrV+wtrES5OEMqCVbQMst8yV+rY+AA0jUN5DXx3EB7jFXwurhtK5vZBJdaUZ9mT QFFiDDHBxjK+jrMx9k4zZh42j0gPFnPk3h2gFmqOkvike+tjxrfS08nzobtZ9FQyoELd r17fX7LdsodGmdtrCsJ+YRMjUgzjQWBUxMqRr1Pl3tnxyoKXYWD+VGqTSKusnmoXMtmS ElWA== X-Gm-Message-State: AOAM532Z7RwBMcOSdo1koqxW6CKpQBAj8hW40+Rnqt8Qmi2wKpd0eqxl WHF7Vd2OsYzPblBJ2SWPvJ/1COceWWDreHCvpDusTRRWP8FwQpDU9P2XHXqUAjeyzibizJETk51 JsFD28g/3XA5QXWdgkdkUQUiu+29T X-Received: by 2002:a17:90b:3e89:: with SMTP id rj9mr2835557pjb.91.1643044954585; Mon, 24 Jan 2022 09:22:34 -0800 (PST) X-Received: by 2002:a17:90b:3e89:: with SMTP id rj9mr2835546pjb.91.1643044954385; Mon, 24 Jan 2022 09:22:34 -0800 (PST) Received: from zqy787-GE5S.lan ([36.4.61.248]) by smtp.gmail.com with ESMTPSA id me4sm20786965pjb.26.2022.01.24.09.22.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 24 Jan 2022 09:22:34 -0800 (PST) From: Zhou Qingyang To: zhou1615@umn.edu Cc: kjlu@umn.edu, Sathya Prakash , Sreekanth Reddy , Suganath Prabu Subramani , "James E.J. Bottomley" , "Martin K. Petersen" , Nagalakshmi Nandigama , James Bottomley , MPT-FusionLinux.pdl@broadcom.com, linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] scsi: mpt3sas: FIx a NULL pointer dereference bug in mpt3sas_transport_port_add() Date: Tue, 25 Jan 2022 01:21:20 +0800 Message-Id: <20220124172120.62828-1-zhou1615@umn.edu> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In mpt3sas_transport_port_add(), sas_end_device_alloc() is assigned to rphy and there is a dereference of it. sas_end_device_alloc() could return NULL on failure of allocation, which could introduce a NULL pointer dereference bug. The same as sas_expander_alloc(). Fix this bug by adding a NULL check of rphy. This bug was found by a static analyzer. Builds with 'make allyesconfig' show no new warnings, and our static analyzer no longer warns about this code. Fixes: f92363d12359 ("mpt3sas: add new driver supporting 12GB SAS") Signed-off-by: Zhou Qingyang --- The analysis employs differential checking to identify inconsistent security operations (e.g., checks or kfrees) between two code paths and confirms that the inconsistent operations are not recovered in the current function or the callers, so they constitute bugs. Note that, as a bug found by static analysis, it can be a false positive or hard to trigger. Multiple researchers have cross-reviewed the bug. drivers/scsi/mpt3sas/mpt3sas_transport.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/scsi/mpt3sas/mpt3sas_transport.c b/drivers/scsi/mpt3sas/mpt3sas_transport.c index 0681daee6c14..1caa929cf8bc 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_transport.c +++ b/drivers/scsi/mpt3sas/mpt3sas_transport.c @@ -823,6 +823,11 @@ mpt3sas_transport_port_add(struct MPT3SAS_ADAPTER *ioc, u16 handle, hba_port->sas_address = mpt3sas_port->remote_identify.sas_address; } + if (!rphy) { + ioc_err(ioc, "failure at %s:%d/%s()!\n", + __FILE__, __LINE__, __func__); + goto out_fail; + } rphy->identify = mpt3sas_port->remote_identify; -- 2.25.1