Message-ID: <174a1911-6a12-a184-5a08-d18b1b7ab296@mcst.ru>
Date: Mon, 3 Apr 2023 19:47:16 +0300
Subject: Re: [PATCH] scsi: megaraid: Fix null dereference
To: jejb@linux.ibm.com, Kashyap Desai
Cc: Sumit Saxena, Shivasharan S, "Martin K. Petersen", megaraidlinux.pdl@broadcom.com, linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org
References: <20230403143440.1923323-1-Igor.A.Artemiev@mcst.ru> <84d55c1032a98de8b2118715d3ec435c409ca0a2.camel@linux.ibm.com>
From: "Igor A. Artemiev"
In-Reply-To: <84d55c1032a98de8b2118715d3ec435c409ca0a2.camel@linux.ibm.com>

On 4/3/23 18:19, James Bottomley wrote:
> On Mon, 2023-04-03 at 17:34 +0300, Igor Artemiev wrote:
>> When cmdid == CMDID_INT_CMDS, the 'mbox' pointer is NULL but is
>> dereferenced below.
>>
>> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>>
>> Fixes: 0f2bb84d2a68 ("[SCSI] megaraid: simplify internal command
>> handling")
>> Signed-off-by: Igor Artemiev
>> --- >>  drivers/scsi/megaraid.c | 1 + >>  1 file changed, 1 insertion(+) >> >> diff --git a/drivers/scsi/megaraid.c b/drivers/scsi/megaraid.c >> index bf491af9f0d6..4fbf92dc717e 100644 >> --- a/drivers/scsi/megaraid.c >> +++ b/drivers/scsi/megaraid.c 
>> @@ -1441,6 +1441,7 @@ mega_cmd_done(adapter_t *adapter, u8 >> completed[], int nstatus, int status) >>                  */ >>                 if (cmdid == CMDID_INT_CMDS) { >>                         scb = &adapter->int_scb; >> +                       mbox = (mbox_t *)scb->raw_mbox;
> Have you actually seen this and if so which firmware? I thought
> megaraid internal commands only ever returned success or fail (0 or 1)
> meaning they can never get into the sense processing case that is the
> only consumer of the mbox.
>
> James
>

No, I haven't seen this. A null dereference can occur if the 'status' is 0x02.
But if 'status' cannot be equal to 0x02, assignment isn't required.

Thanks,
Igor
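Review bot: The justification for the added 'mbox = (mbox_t *)scb->raw_mbox;' in the 'cmdid == CMDID_INT_CMDS' branch of mega_cmd_done() is only "dereferenced below", and neither the commit message nor the visible context says which path reaches that dereference. Per the replies, it is the sense processing case, reached only when 'status' is 0x02, and it has not been observed on any firmware. The commit message should name that condition and state that the report comes from static analysis (SVACE) rather than a reproduced crash. If internal commands can only complete with 0 or 1, a short comment at this branch recording that invariant would serve better than an assignment whose only consumer is never reached.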