scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS

DanCh2020 · martinkpetersen · commit 75cb113cd43f · 2023-03-24T20:27:17.000-04:00
When cmdid == CMDID_INT_CMDS, the 'cmds' pointer is NULL but is dereferenced below. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 0f2bb84 ("[SCSI] megaraid: simplify internal command handling") Signed-off-by: Danila Chernetsov <listdansp@mail.ru> Link: https://lore.kernel.org/r/20230317175109.18585-1-listdansp@mail.ru Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
diff --git a/drivers/scsi/megaraid.c b/drivers/scsi/megaraid.c
@@ -1441,6 +1441,7 @@ mega_cmd_done(adapter_t *adapter, u8 completed[], int nstatus, int status)
 		 */
 		if (cmdid == CMDID_INT_CMDS) {
 			scb = &adapter->int_scb;
+			cmd = scb->cmd;
 
 			list_del_init(&scb->list);
 			scb->state = SCB_FREE;
