From 79e448bf2d71d52d28c99be4faff9cc51928f90b Mon Sep 17 00:00:00 2001 From: Matthew Dobson Date: Mon, 21 Nov 2005 21:32:29 -0800 Subject: [PATCH] Fix a bug in scsi_get_command scsi_get_command() attempts to write into a structure that may not have been successfully allocated. Move this write inside the if statement that ensures we won't panic the kernel with a NULL pointer dereference. Signed-off-by: Matthew Dobson Cc: James Bottomley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/scsi/scsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers/scsi') diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c index 0be60bb..180676d 100644 --- a/drivers/scsi/scsi.c +++ b/drivers/scsi/scsi.c @@ -265,10 +265,10 @@ struct scsi_cmnd *scsi_get_command(struct scsi_device *dev, gfp_t gfp_mask) spin_lock_irqsave(&dev->list_lock, flags); list_add_tail(&cmd->list, &dev->cmd_list); spin_unlock_irqrestore(&dev->list_lock, flags); + cmd->jiffies_at_alloc = jiffies; } else put_device(&dev->sdev_gendev); - cmd->jiffies_at_alloc = jiffies; return cmd; } EXPORT_SYMBOL(scsi_get_command); -- cgit v1.1 From 458af5439fe7ae7d95ca14106844e61f0795166c Mon Sep 17 00:00:00 2001 From: Adrian Bunk Date: Sun, 27 Nov 2005 00:36:37 +0100 Subject: [PATCH] drivers/scsi/dpt_i2o.c: fix a NULL pointer dereference The Coverity checker spotted this obvious NULL pointer dereference. Signed-off-by: Adrian Bunk Acked-by: Mark Salyzyn Signed-off-by: Linus Torvalds --- drivers/scsi/dpt_i2o.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'drivers/scsi') diff --git a/drivers/scsi/dpt_i2o.c b/drivers/scsi/dpt_i2o.c index c28e3ae..418fc7b 100644 --- a/drivers/scsi/dpt_i2o.c +++ b/drivers/scsi/dpt_i2o.c @@ -816,7 +816,7 @@ static int adpt_hba_reset(adpt_hba* pHba) static void adpt_i2o_sys_shutdown(void) { adpt_hba *pHba, *pNext; - struct adpt_i2o_post_wait_data *p1, *p2; + struct adpt_i2o_post_wait_data *p1, *old; printk(KERN_INFO"Shutting down Adaptec I2O controllers.\n"); printk(KERN_INFO" This could take a few minutes if there are many devices attached\n"); @@ -830,13 +830,14 @@ static void adpt_i2o_sys_shutdown(void) } /* Remove any timedout entries from the wait queue. */ - p2 = NULL; // spin_lock_irqsave(&adpt_post_wait_lock, flags); /* Nothing should be outstanding at this point so just * free them */ - for(p1 = adpt_post_wait_queue; p1; p2 = p1, p1 = p2->next) { - kfree(p1); + for(p1 = adpt_post_wait_queue; p1;) { + old = p1; + p1 = p1->next; + kfree(old); } // spin_unlock_irqrestore(&adpt_post_wait_lock, flags); adpt_post_wait_queue = NULL; -- cgit v1.1