* [PATCH 13/13] scsi: Potential null pointer dereference in scsi_eh_lock_door()
@ 2012-08-09 13:55 Marina Makienko
0 siblings, 0 replies; only message in thread
From: Marina Makienko @ 2012-08-09 13:55 UTC (permalink / raw)
To: Mike Anderson
Cc: Marina Makienko, James E.J. Bottomley, linux-scsi, linux-kernel,
ldv-project
The function blk_get_request() can return NULL in some cases. There are
checks on it if function is called with argumetns one of which is
GFP_ATOMIC/GFP_NOIO/etc. If system couldn't find request
blk_get_request() return NULL.
But if there is function call with argument __GFP_WAIT
the system will wait until get request or the queue becomes
dead. If something kills the queue, blk_get_request()
return NULL and next operations will lead to errors.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Marina Makienko <makienko@ispras.ru>
---
drivers/scsi/scsi_error.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c
index 4a6381c..7dd67d4 100644
--- a/drivers/scsi/scsi_error.c
+++ b/drivers/scsi/scsi_error.c
@@ -1624,6 +1624,9 @@ static void scsi_eh_lock_door(struct scsi_device *sdev)
*/
req = blk_get_request(sdev->request_queue, READ, GFP_KERNEL);
+ if (!req)
+ return;
+
req->cmd[0] = ALLOW_MEDIUM_REMOVAL;
req->cmd[1] = 0;
req->cmd[2] = 0;
--
1.7.7
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2012-08-09 13:59 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-08-09 13:55 [PATCH 13/13] scsi: Potential null pointer dereference in scsi_eh_lock_door() Marina Makienko
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.