ClabureDB: Classified Bug-Reports Database

Project: Linux Kernel

Showing error 1817

User:	Jiri Slaby
Error type:	Invalid Pointer Dereference
Error type description:	A pointer which is invalid is being dereferenced
File location:	drivers/message/fusion/mptscsih.c
Line in file:	1415
Project:	Linux Kernel
Project version:	2.6.28
Tools:	Smatch (1.59)
Entered:	2013-09-11 08:47:26 UTC

Source:

1385        ADD_INDEX_LOG(my_idx);
1386
1387        /*    TUR's being issued with scsictl=0x02000000 (DATA_IN)!
1388         *    Seems we may receive a buffer (datalen>0) even when there
1389         *    will be no data transfer!  GRRRRR...
1390         */
1391        if (SCpnt->sc_data_direction == DMA_FROM_DEVICE) {
1392                datalen = scsi_bufflen(SCpnt);
1393                scsidir = MPI_SCSIIO_CONTROL_READ;        /* DATA IN  (host<--ioc<--dev) */
1394        } else if (SCpnt->sc_data_direction == DMA_TO_DEVICE) {
1395                datalen = scsi_bufflen(SCpnt);
1396                scsidir = MPI_SCSIIO_CONTROL_WRITE;        /* DATA OUT (host-->ioc-->dev) */
1397        } else {
1398                datalen = 0;
1399                scsidir = MPI_SCSIIO_CONTROL_NODATATRANSFER;
1400        }
1401
1402        /* Default to untagged. Once a target structure has been allocated,
1403         * use the Inquiry data to determine if device supports tagged.
1404         */
1405        if (vdevice
1406            && (vdevice->vtarget->tflags & MPT_TARGET_FLAGS_Q_YES)
1407            && (SCpnt->device->tagged_supported)) {
1408                scsictl = scsidir | MPI_SCSIIO_CONTROL_SIMPLEQ;
1409        } else {
1410                scsictl = scsidir | MPI_SCSIIO_CONTROL_UNTAGGED;
1411        }
1412
1413        /* Use the above information to set up the message frame
1414         */
1415        pScsiReq->TargetID = (u8) vdevice->vtarget->id;
1416        pScsiReq->Bus = vdevice->vtarget->channel;
1417        pScsiReq->ChainOffset = 0;
1418        if (vdevice->vtarget->tflags &  MPT_TARGET_FLAGS_RAID_COMPONENT)
1419                pScsiReq->Function = MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH;
1420        else
1421                pScsiReq->Function = MPI_FUNCTION_SCSI_IO_REQUEST;
1422        pScsiReq->CDBLength = SCpnt->cmd_len;
1423        pScsiReq->SenseBufferLength = MPT_SENSE_BUFFER_SIZE;
1424        pScsiReq->Reserved = 0;
1425        pScsiReq->MsgFlags = mpt_msg_flags();

Show full sources