[PATCH] scsi_transport_sas: Potential NULL pointer deference in sas_rphy_match()

From: Yizhuo
Date: Mon Oct 07 2019 - 16:22:34 EST


Inside function sas_rphy_match(), dev_to_shost() could return NULL,
however, the return value of dev_to_shost() is not checked and
get used. This could potentially be unsafe.

Signed-off-by: Yizhuo <yzhai003@xxxxxxx>
---
drivers/scsi/scsi_transport_sas.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/drivers/scsi/scsi_transport_sas.c b/drivers/scsi/scsi_transport_sas.c
index ef138c57e2a6..04d83cbc35f2 100644
--- a/drivers/scsi/scsi_transport_sas.c
+++ b/drivers/scsi/scsi_transport_sas.c
@@ -1328,6 +1328,8 @@ static int sas_rphy_match(struct attribute_container *cont, struct device *dev)
if (!scsi_is_sas_rphy(dev))
return 0;
shost = dev_to_shost(dev->parent->parent);
+ if (!shost)
+ return 0;

if (!shost->transportt)
return 0;
--
2.17.1