From 2471b894068ec59ab3012e788401b345ef459e49 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Fri, 23 Apr 2010 14:01:04 +0200 Subject: [SCSI] pm8001: potential null dereference in pm8001_dev_gone_notify() In the original code we dereferenced "pm8001_dev" before checking if it was null. This patch moves the dereference inside the condition. This was found by a static checker (smatch). I looked, but I couldn't tell if "pm8001_dev" dev was ever actually null. The approach in this patch seemed like the safest response. Signed-off-by: Dan Carpenter Acked-by: Jack Wang Signed-off-by: James Bottomley --- drivers/scsi/pm8001/pm8001_sas.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/pm8001/pm8001_sas.c b/drivers/scsi/pm8001/pm8001_sas.c index bff4f5139b9c..cd02ceaf67ff 100644 --- a/drivers/scsi/pm8001/pm8001_sas.c +++ b/drivers/scsi/pm8001/pm8001_sas.c @@ -885,11 +885,13 @@ static void pm8001_dev_gone_notify(struct domain_device *dev) u32 tag; struct pm8001_hba_info *pm8001_ha; struct pm8001_device *pm8001_dev = dev->lldd_dev; - u32 device_id = pm8001_dev->device_id; + pm8001_ha = pm8001_find_ha_by_dev(dev); spin_lock_irqsave(&pm8001_ha->lock, flags); pm8001_tag_alloc(pm8001_ha, &tag); if (pm8001_dev) { + u32 device_id = pm8001_dev->device_id; + PM8001_DISC_DBG(pm8001_ha, pm8001_printk("found dev[%d:%x] is gone.\n", pm8001_dev->device_id, pm8001_dev->dev_type)); -- cgit v1.2.3