scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

When cmdid == CMDID_INT_CMDS, the 'cmds' pointer is NULL but is
dereferenced below.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 0f2bb84d2a68 ("[SCSI] megaraid: simplify internal command handling")
Signed-off-by: Danila Chernetsov <listdansp@mail.ru>
Link: https://lore.kernel.org/r/20230317175109.18585-1-listdansp@mail.ru
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

authored by

Danila Chernetsov and committed by

Martin K. Petersen 3 years ago 75cb113c 62d15dba

1 changed file

expand all

drivers

scsi

megaraid.c

drivers/scsi/megaraid.c

··· 1441 1441 */ 1442 1442 if (cmdid == CMDID_INT_CMDS) { 1443 1443 scb = &adapter->int_scb; 1444 + cmd = scb->cmd; 1444 1445 1445 1446 list_del_init(&scb->list); 1446 1447 scb->state = SCB_FREE;