scsi: cxgb4i: Fix dereference of pointer tdata before it is null checked

Currently pointer tdata is being dereferenced on the initialization of
pointer skb before tdata is null checked. This could lead to a potential
null pointer dereference.  Fix this by dereferencing tdata after tdata has
been null pointer sanity checked.

Link: https://lore.kernel.org/r/20200709135217.1408105-1-colin.king@canonical.com
Fixes: e33c2482289b ("scsi: cxgb4i: Add support for iSCSI segmentation offload")
Addresses-Coverity: ("Dereference before null check")
Acked-by: Varun Prakash <varun@chelsio.com>
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/scsi/cxgbi/libcxgbi.c b/drivers/scsi/cxgbi/libcxgbi.c
index 1fb101c..a6119d9 100644 (file)
--- a/drivers/scsi/cxgbi/libcxgbi.c
+++ b/drivers/scsi/cxgbi/libcxgbi.c
@@ -2147,7 +2147,7 @@ int cxgbi_conn_init_pdu(struct iscsi_task *task, unsigned int offset,
        struct iscsi_conn *conn = task->conn;
        struct iscsi_tcp_task *tcp_task = task->dd_data;
        struct cxgbi_task_data *tdata = iscsi_task_cxgbi_data(task);
-       struct sk_buff *skb = tdata->skb;
+       struct sk_buff *skb;
        struct scsi_cmnd *sc = task->sc;
        u32 expected_count, expected_offset;
        u32 datalen = count, dlimit = 0;
@@ -2161,6 +2161,7 @@ int cxgbi_conn_init_pdu(struct iscsi_task *task, unsigned int offset,
                       tcp_task ? tcp_task->dd_data : NULL, tdata);
                return -EINVAL;
        }
+       skb = tdata->skb;
 
        log_debug(1 << CXGBI_DBG_ISCSI | 1 << CXGBI_DBG_PDU_TX,
                  "task 0x%p,0x%p, skb 0x%p, 0x%x,0x%x,0x%x, %u+%u.\n",
@@ -2365,7 +2366,7 @@ int cxgbi_conn_xmit_pdu(struct iscsi_task *task)
        struct iscsi_tcp_task *tcp_task = task->dd_data;
        struct cxgbi_task_data *tdata = iscsi_task_cxgbi_data(task);
        struct cxgbi_task_tag_info *ttinfo = &tdata->ttinfo;
-       struct sk_buff *skb = tdata->skb;
+       struct sk_buff *skb;
        struct cxgbi_sock *csk = NULL;
        u32 pdulen = 0;
        u32 datalen;
@@ -2378,6 +2379,7 @@ int cxgbi_conn_xmit_pdu(struct iscsi_task *task)
                return -EINVAL;
        }
 
+       skb = tdata->skb;
        if (!skb) {
                log_debug(1 << CXGBI_DBG_ISCSI | 1 << CXGBI_DBG_PDU_TX,
                          "task 0x%p, skb NULL.\n", task);