From: Jens Axboe <axboe@kernel.dk>
To: Ken Xue <ken.xue@amd.com>,
linux-scsi@vger.kernel.org, linux-block@vger.kernel.org,
stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Xiangliang.Yu@amd.com, stern@rowland.harvard.edu,
JBottomley@Odin.com, SPG_Linux_Kernel@amd.com,
michael.terry@canonical.com
Subject: Re: [PATCH 2/2] SCSI: Fix NULL pointer dereference in runtime PM
Date: Thu, 3 Dec 2015 11:39:25 -0700 [thread overview]
Message-ID: <56608C5D.9080709@kernel.dk> (raw)
In-Reply-To: <1448952346.3603.18.camel@kxue-X58A-UD3R>
On 11/30/2015 11:45 PM, Ken Xue wrote:
> The routines in scsi_pm.c assume that if a runtime-PM callback is
> invoked for a SCSI device, it can only mean that the device's driver
> has asked the block layer to handle the runtime power management (by
> calling blk_pm_runtime_init(), which among other things sets q->dev).
>
> However, this assumption turns out to be wrong for things like the ses
> driver. Normally ses devices are not allowed to do runtime PM, but
> userspace can override this setting. If this happens, the kernel gets
> a NULL pointer dereference when blk_post_runtime_resume() tries to use
> the uninitialized q->dev pointer.
>
> This patch fixes the problem by checking q->dev in block layer before
> handle runtime PM. Since ses doesn't define any PM callbacks and call
> blk_pm_runtime_init(), the crash won't occur.
>
> This fixes Bugzilla #101371.
> https://bugzilla.kernel.org/show_bug.cgi?id=101371
>
> More discussion can be found from below link.
> http://marc.info/?l=linux-scsi&m=144163730531875&w=2
>
Added for 4.4, thanks.
--
Jens Axboe
prev parent reply other threads:[~2015-12-03 18:39 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-01 6:45 [PATCH 2/2] SCSI: Fix NULL pointer dereference in runtime PM Ken Xue
2015-12-03 18:39 ` Jens Axboe [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56608C5D.9080709@kernel.dk \
--to=axboe@kernel.dk \
--cc=JBottomley@Odin.com \
--cc=SPG_Linux_Kernel@amd.com \
--cc=Xiangliang.Yu@amd.com \
--cc=ken.xue@amd.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=michael.terry@canonical.com \
--cc=stable@vger.kernel.org \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).