Received: by 2002:ab2:1149:0:b0:1f3:1f8c:d0c6 with SMTP id z9csp1253073lqz;
        Sun, 31 Mar 2024 23:10:56 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCUnbDGtM53z+ef4ZbUdTMZDH3b+kC2yeYQZnNZYgv33XPybfu00q9MKTO7iEElDFgcbjLj1eTjz3lLmIjK8xyRL0+lwgAyD/V5wQlM72A==
X-Google-Smtp-Source: AGHT+IEfe2S3p/beChuhdMqfO89jExFGDQ1BnhM0XTM2GbShCsLrB9n102Xa1iUI/1a//TNdyBKp
X-Received: by 2002:ac2:4d0f:0:b0:515:bf51:a533 with SMTP id r15-20020ac24d0f000000b00515bf51a533mr4693103lfi.23.1711951856422;
        Sun, 31 Mar 2024 23:10:56 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1711951856; cv=pass;
        d=google.com; s=arc-20160816;
        b=n3//DNsOcNj/263Oh2N2DjPcqPxXU09+UtY+PXVaeCCoZ9ce/IjSFzYxSSUUpFE0Bg
         eq2zQntzJFlvBH7LR9gpb1R1gT1bEjpDCN5R3dwPM4ZtATRGAA8frZIfroiTb7E3dtzI
         XHLz9HS8/uN2qdjXblDX+MlwknT3vSNUexFFy/CYe0GAuBwZiEHPMZYVjo9ha3430nS/
         fgHQ8ECNLUco1aRijMD2Ktv+rNiGsM1VXNHmzpd7W+LClgFHZ9Vzzruq43nw5ABl9ctS
         hk9mkKU0u7V+ay8sS+H1XvaeJ+el5qpQ/meH+YWYuY5ROHNv3C68p8KzMbKsRVfmxQWX
         8cgA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:message-id:date:subject:cc:to
         :from;
        bh=UPYETEYL3uVJVHJE1oGSxAq3cdtY8skYgUdCOGK3wA8=;
        fh=JK/8EOo9qjqrR02UOYFKnuIjgTCbVGwIFiHqSTf4oUo=;
        b=ddVvd7sQri9ao0I1xEWnoZ08R7McV0hM8i4btzEGfmyLjjB14LWWIOL/Ck6l9fKVTW
         Z5/QI2MpQHwicMMrVD+chc9ZY6o+18TheBe2OAOobuIaf1PGGjIVHc8rdqln/LwmgfS0
         na5aissGSILM1PLvcfEp1Aq1z7FQ9WdZnW/9W7f7WUgDx4fieh5hqR3JP4r2OSVJWrFS
         7Q8H3AwsWZP7cifjFbtYCKrxPM9gUY8jBMQhKyubIAwB1mn5fBNNvP6cl3wte2ZldMMv
         qUrPH5IXUEbZJhIqmyDjjXHnBV3WLpy0FhrlwqPbylEFFp9z3GZO8gsakRhxoZRqjKI+
         g+3A==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=usergate.com dmarc=pass fromdomain=usergate.com);
       spf=pass (google.com: domain of linux-kernel+bounces-126445-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-126445-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=usergate.com
Return-Path: <linux-kernel+bounces-126445-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249])
        by mx.google.com with ESMTPS id qw41-20020a1709066a2900b00a4e37413bb4si3051123ejc.563.2024.03.31.23.10.56
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 31 Mar 2024 23:10:56 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-126445-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249;
Authentication-Results: mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=usergate.com dmarc=pass fromdomain=usergate.com);
       spf=pass (google.com: domain of linux-kernel+bounces-126445-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-126445-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=usergate.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 26C411F212FC
	for <linux.lists.archive@gmail.com>; Mon,  1 Apr 2024 06:10:56 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 088A6944D;
	Mon,  1 Apr 2024 06:10:47 +0000 (UTC)
Received: from mx2.usergate.com (mx2.usergate.com [46.229.79.1])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id E1D8853BE;
	Mon,  1 Apr 2024 06:10:39 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=46.229.79.1
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1711951846; cv=none; b=mSB59Kp0HB6d9gJsUog+0SoEKxEiptkLtMCn9yZVQOIGR8aDft2qsCNeJxZDjhdtNGNlUxSaT8o/y6+9KlCBy5mqzL3YEhQVErLwFwH04YtH2/ACJaPz0d3eyMQDVr6RGtT1IrM9e5zwXLpYOrJZWJKt5Szi17WqNFefEraP8Kw=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1711951846; c=relaxed/simple;
	bh=+UHLdCQTMrUw8WO10zf7gQvU/OLD5joucmE9A0+3Iog=;
	h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type; b=envy35H0yujQsLTA6BJbxVcIgk/UkI05KGjIVXKvUN9PK+hs/hpgrmHoZBmE2UbGqW9JLd65XN2dEJ6YDgqJO3m/Xrg3jYwH9m7cJkpnI8Yyyr+lnzFDpYMepm13UbrME2vKvDBQ0MvseJIdFdcax61CnbtE6U2K+HFrgHnIUMs=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=usergate.com; spf=pass smtp.mailfrom=usergate.com; arc=none smtp.client-ip=46.229.79.1
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=usergate.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=usergate.com
Received: from mail.usergate.com[192.168.90.36] by mx2.usergate.com with ESMTP id
	 8FF7B9684B1C4A189249FF167EC005ED; Mon, 1 Apr 2024 13:10:26 +0700
From: Aleksandr Aprelkov <aaprelkov@usergate.com>
To: Hannes Reinecke <hare@suse.com>
CC: Aleksandr Aprelkov <aaprelkov@usergate.com>,"James E.J. Bottomley" <jejb@linux.ibm.com>,"Martin K. Petersen" <martin.petersen@oracle.com>,<linux-scsi@vger.kernel.org>,<linux-kernel@vger.kernel.org>,<lvc-project@linuxtesting.org>
Subject: [PATCH] scsi: aic79xx: add scb NULL check in ahd_handle_msg_reject()
Date: Mon, 1 Apr 2024 13:10:09 +0700
Message-ID: <20240401061010.589751-1-aaprelkov@usergate.com>
X-Mailer: git-send-email 2.34.1
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-ClientProxiedBy: ESLSRV-EXCH-01.esafeline.com (192.168.90.36) To
 nsk02-mbx01.esafeline.com (10.10.1.35)
X-Message-Id: 216EAD62768046DBA990E016335F1F2F
X-MailFileId: 71D8BFED459B4CA494BB17C93467D2DF

If ahd_lookup_scb() returns NULL and ahd_sent_msg() checks are false,
then NULL pointer dereference happens

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Aleksandr Aprelkov <aaprelkov@usergate.com>
---
 drivers/scsi/aic7xxx/aic79xx_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/aic7xxx/aic79xx_core.c b/drivers/scsi/aic7xxx/aic79xx_core.c
index 3e3100dbfda3..9e0fafa12e87 100644
--- a/drivers/scsi/aic7xxx/aic79xx_core.c
+++ b/drivers/scsi/aic7xxx/aic79xx_core.c
@@ -5577,7 +5577,7 @@ ahd_handle_msg_reject(struct ahd_softc *ahd, struct ahd_devinfo *devinfo)
 		       "Using asynchronous transfers\n",
 		       ahd_name(ahd), devinfo->channel,
 		       devinfo->target, devinfo->lun);
-	} else if ((scb->hscb->control & SIMPLE_QUEUE_TAG) != 0) {
+	} else if (scb && (scb->hscb->control & SIMPLE_QUEUE_TAG) != 0) {
 		int tag_type;
 		int mask;
 
-- 
2.34.1