From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1F2FBC6379F for ; Mon, 23 Nov 2020 13:25:44 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C4D2420782 for ; Mon, 23 Nov 2020 13:25:43 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="zuj38Vqw" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388833AbgKWNZU (ORCPT ); Mon, 23 Nov 2020 08:25:20 -0500 Received: from mail.kernel.org ([198.145.29.99]:44818 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731201AbgKWMdW (ORCPT ); Mon, 23 Nov 2020 07:33:22 -0500 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9732F2065E; Mon, 23 Nov 2020 12:33:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1606134802; bh=C7Hi/j+sT6uRjChEQkAIbxhoq7Od5Wrx1G5HbFvn2Ww=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=zuj38VqwW7qE6XWXHhISD7lUL1VVaHCKxVTQ+PcQWlRmQlyYKiF8RvRZtWPOdwuNh 8geJJ8hANrZG/tXfdyfmtjskVgLwTN9yhzc3IIgwBsLnFkLBcD4WrPVJv4KI/Erckh 2HjNZHGtlCQt4Xe+u/wfbPZyrwvN6Ka22e5EwLBo= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Stefan Haberland , Jan Hoeppner , Jens Axboe Subject: [PATCH 4.19 87/91] s390/dasd: fix null pointer dereference for ERP requests Date: Mon, 23 Nov 2020 13:22:47 +0100 Message-Id: <20201123121813.545971397@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201123121809.285416732@linuxfoundation.org> References: <20201123121809.285416732@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Stefan Haberland commit 6f117cb854a44a79898d844e6ae3fd23bd94e786 upstream. When requeueing all requests on the device request queue to the blocklayer we might get to an ERP (error recovery) request that is a copy of an original CQR. Those requests do not have blocklayer request information or a pointer to the dasd_queue set. When trying to access those data it will lead to a null pointer dereference in dasd_requeue_all_requests(). Fix by checking if the request is an ERP request that can simply be ignored. The blocklayer request will be requeued by the original CQR that is on the device queue right behind the ERP request. Fixes: 9487cfd3430d ("s390/dasd: fix handling of internal requests") Cc: #4.16 Signed-off-by: Stefan Haberland Reviewed-by: Jan Hoeppner Signed-off-by: Jens Axboe Signed-off-by: Greg Kroah-Hartman --- drivers/s390/block/dasd.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/drivers/s390/block/dasd.c +++ b/drivers/s390/block/dasd.c @@ -2833,6 +2833,12 @@ static int _dasd_requeue_request(struct if (!block) return -EINVAL; + /* + * If the request is an ERP request there is nothing to requeue. + * This will be done with the remaining original request. + */ + if (cqr->refers) + return 0; spin_lock_irq(&cqr->dq->lock); req = (struct request *) cqr->callback_data; blk_mq_requeue_request(req, false);