diff options
author | Jiri Slaby <jslaby@suse.cz> | 2010-06-22 07:42:02 -0400 |
---|---|---|
committer | James Bottomley <James.Bottomley@suse.de> | 2010-07-27 13:03:53 -0400 |
commit | 24ae163ed33d2b8a70d2f0b1947b401d0a8e8719 (patch) | |
tree | 122060af30c9072a936e5fb86ebf5a617b522fe8 /drivers/scsi/mvsas | |
parent | 97009a29e8c999def2d1e9ef253c226daf9541af (diff) |
[SCSI] mvsas: fix potential NULL dereference
Stanse found that in mvs_abort_task, mvi_dev is dereferenced earlier
than tested for being NULL. Move the assignment below the test.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Diffstat (limited to 'drivers/scsi/mvsas')
-rw-r--r-- | drivers/scsi/mvsas/mv_sas.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/drivers/scsi/mvsas/mv_sas.c b/drivers/scsi/mvsas/mv_sas.c index f5e321791903..cab924239862 100644 --- a/drivers/scsi/mvsas/mv_sas.c +++ b/drivers/scsi/mvsas/mv_sas.c | |||
@@ -1640,7 +1640,7 @@ int mvs_abort_task(struct sas_task *task) | |||
1640 | struct mvs_tmf_task tmf_task; | 1640 | struct mvs_tmf_task tmf_task; |
1641 | struct domain_device *dev = task->dev; | 1641 | struct domain_device *dev = task->dev; |
1642 | struct mvs_device *mvi_dev = (struct mvs_device *)dev->lldd_dev; | 1642 | struct mvs_device *mvi_dev = (struct mvs_device *)dev->lldd_dev; |
1643 | struct mvs_info *mvi = mvi_dev->mvi_info; | 1643 | struct mvs_info *mvi; |
1644 | int rc = TMF_RESP_FUNC_FAILED; | 1644 | int rc = TMF_RESP_FUNC_FAILED; |
1645 | unsigned long flags; | 1645 | unsigned long flags; |
1646 | u32 tag; | 1646 | u32 tag; |
@@ -1650,6 +1650,8 @@ int mvs_abort_task(struct sas_task *task) | |||
1650 | rc = TMF_RESP_FUNC_FAILED; | 1650 | rc = TMF_RESP_FUNC_FAILED; |
1651 | } | 1651 | } |
1652 | 1652 | ||
1653 | mvi = mvi_dev->mvi_info; | ||
1654 | |||
1653 | spin_lock_irqsave(&task->task_state_lock, flags); | 1655 | spin_lock_irqsave(&task->task_state_lock, flags); |
1654 | if (task->task_state_flags & SAS_TASK_STATE_DONE) { | 1656 | if (task->task_state_flags & SAS_TASK_STATE_DONE) { |
1655 | spin_unlock_irqrestore(&task->task_state_lock, flags); | 1657 | spin_unlock_irqrestore(&task->task_state_lock, flags); |