From: Dan Carpenter Date: Fri, 23 Apr 2010 12:01:04 +0000 (+0200) Subject: [SCSI] pm8001: potential null dereference in pm8001_dev_gone_notify() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=2471b894068ec59ab3012e788401b345ef459e49;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git [SCSI] pm8001: potential null dereference in pm8001_dev_gone_notify() In the original code we dereferenced "pm8001_dev" before checking if it was null. This patch moves the dereference inside the condition. This was found by a static checker (smatch). I looked, but I couldn't tell if "pm8001_dev" dev was ever actually null. The approach in this patch seemed like the safest response. Signed-off-by: Dan Carpenter Acked-by: Jack Wang Signed-off-by: James Bottomley --- diff --git a/drivers/scsi/pm8001/pm8001_sas.c b/drivers/scsi/pm8001/pm8001_sas.c index bff4f5139b9c..cd02ceaf67ff 100644 --- a/drivers/scsi/pm8001/pm8001_sas.c +++ b/drivers/scsi/pm8001/pm8001_sas.c @@ -885,11 +885,13 @@ static void pm8001_dev_gone_notify(struct domain_device *dev) u32 tag; struct pm8001_hba_info *pm8001_ha; struct pm8001_device *pm8001_dev = dev->lldd_dev; - u32 device_id = pm8001_dev->device_id; + pm8001_ha = pm8001_find_ha_by_dev(dev); spin_lock_irqsave(&pm8001_ha->lock, flags); pm8001_tag_alloc(pm8001_ha, &tag); if (pm8001_dev) { + u32 device_id = pm8001_dev->device_id; + PM8001_DISC_DBG(pm8001_ha, pm8001_printk("found dev[%d:%x] is gone.\n", pm8001_dev->device_id, pm8001_dev->dev_type));