All of lore.kernel.org
 help / color / mirror / Atom feed
* Patch "dm: fix rq_end_stats() NULL pointer in dm_requeue_original_request()" has been added to the 4.4-stable tree
@ 2016-04-09 23:40 gregkh
  0 siblings, 0 replies; only message in thread
From: gregkh @ 2016-04-09 23:40 UTC (permalink / raw)
  To: bmr, gregkh, snitzer; +Cc: stable, stable-commits


This is a note to let you know that I've just added the patch titled

    dm: fix rq_end_stats() NULL pointer in dm_requeue_original_request()

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     dm-fix-rq_end_stats-null-pointer-in-dm_requeue_original_request.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From 98dbc9c6c61698792e3a66f32f3bf066201d42d7 Mon Sep 17 00:00:00 2001
From: "Bryn M. Reeves" <bmr@redhat.com>
Date: Mon, 14 Mar 2016 17:04:34 -0400
Subject: dm: fix rq_end_stats() NULL pointer in dm_requeue_original_request()

From: Bryn M. Reeves <bmr@redhat.com>

commit 98dbc9c6c61698792e3a66f32f3bf066201d42d7 upstream.

An "old" (.request_fn) DM 'struct request' stores a pointer to the
associated 'struct dm_rq_target_io' in rq->special.

dm_requeue_original_request(), previously named
dm_requeue_unmapped_original_request(), called dm_unprep_request() to
reset rq->special to NULL.  But rq_end_stats() would go on to hit a NULL
pointer deference because its call to tio_from_request() returned NULL.

Fix this by calling rq_end_stats() _before_ dm_unprep_request()

Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Fixes: e262f34741 ("dm stats: add support for request-based DM devices")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/md/dm.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -1210,9 +1210,9 @@ static void dm_requeue_original_request(
 {
 	int rw = rq_data_dir(rq);
 
+	rq_end_stats(md, rq);
 	dm_unprep_request(rq);
 
-	rq_end_stats(md, rq);
 	if (!rq->q->mq_ops)
 		old_requeue_request(rq);
 	else {


Patches currently in stable-queue which might be from bmr@redhat.com are

queue-4.4/dm-fix-rq_end_stats-null-pointer-in-dm_requeue_original_request.patch

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2016-04-09 23:40 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-04-09 23:40 Patch "dm: fix rq_end_stats() NULL pointer in dm_requeue_original_request()" has been added to the 4.4-stable tree gregkh

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.