On 21 November 2017 at 14:42, Adrian Hunter <adrian.hunter@xxxxxxxxx> wrote: > blk_get_request() can fail, always check the return value. > > Fixes: 0493f6fe5bde ("mmc: block: Move boot partition locking into a driver op") > Fixes: 3ecd8cf23f88 ("mmc: block: move multi-ioctl() to use block layer") > Fixes: 614f0388f580 ("mmc: block: move single ioctl() commands to block requests") > Fixes: 627c3ccfb46a ("mmc: debugfs: Move block debugfs into block module") > Signed-off-by: Adrian Hunter <adrian.hunter@xxxxxxxxx> Thanks, applied for fixes and added a stable tag! Kind regards Uffe > --- > drivers/mmc/core/block.c | 20 +++++++++++++++++++- > 1 file changed, 19 insertions(+), 1 deletion(-) > > diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c > index f60939858586..4a319ddbd956 100644 > --- a/drivers/mmc/core/block.c > +++ b/drivers/mmc/core/block.c > @@ -233,6 +233,10 @@ static ssize_t power_ro_lock_store(struct device *dev, > > /* Dispatch locking to the block layer */ > req = blk_get_request(mq->queue, REQ_OP_DRV_OUT, __GFP_RECLAIM); > + if (IS_ERR(req)) { > + count = PTR_ERR(req); > + goto out_put; > + } > req_to_mmc_queue_req(req)->drv_op = MMC_DRV_OP_BOOT_WP; > blk_execute_rq(mq->queue, NULL, req, 0); > ret = req_to_mmc_queue_req(req)->drv_op_result; > @@ -249,7 +253,7 @@ static ssize_t power_ro_lock_store(struct device *dev, > set_disk_ro(part_md->disk, 1); > } > } > - > +out_put: > mmc_blk_put(md); > return count; > } > @@ -625,6 +629,10 @@ static int mmc_blk_ioctl_cmd(struct mmc_blk_data *md, > req = blk_get_request(mq->queue, > idata->ic.write_flag ? REQ_OP_DRV_OUT : REQ_OP_DRV_IN, > __GFP_RECLAIM); > + if (IS_ERR(req)) { > + err = PTR_ERR(req); > + goto cmd_done; > + } > idatas[0] = idata; > req_to_mmc_queue_req(req)->drv_op = > rpmb ? MMC_DRV_OP_IOCTL_RPMB : MMC_DRV_OP_IOCTL; > @@ -692,6 +700,10 @@ static int mmc_blk_ioctl_multi_cmd(struct mmc_blk_data *md, > req = blk_get_request(mq->queue, > idata[0]->ic.write_flag ? REQ_OP_DRV_OUT : REQ_OP_DRV_IN, > __GFP_RECLAIM); > + if (IS_ERR(req)) { > + err = PTR_ERR(req); > + goto cmd_err; > + } > req_to_mmc_queue_req(req)->drv_op = > rpmb ? MMC_DRV_OP_IOCTL_RPMB : MMC_DRV_OP_IOCTL; > req_to_mmc_queue_req(req)->drv_op_data = idata; > @@ -2551,6 +2563,8 @@ static int mmc_dbg_card_status_get(void *data, u64 *val) > > /* Ask the block layer about the card status */ > req = blk_get_request(mq->queue, REQ_OP_DRV_IN, __GFP_RECLAIM); > + if (IS_ERR(req)) > + return PTR_ERR(req); > req_to_mmc_queue_req(req)->drv_op = MMC_DRV_OP_GET_CARD_STATUS; > blk_execute_rq(mq->queue, NULL, req, 0); > ret = req_to_mmc_queue_req(req)->drv_op_result; > @@ -2585,6 +2599,10 @@ static int mmc_ext_csd_open(struct inode *inode, struct file *filp) > > /* Ask the block layer for the EXT CSD */ > req = blk_get_request(mq->queue, REQ_OP_DRV_IN, __GFP_RECLAIM); > + if (IS_ERR(req)) { > + err = PTR_ERR(req); > + goto out_free; > + } > req_to_mmc_queue_req(req)->drv_op = MMC_DRV_OP_GET_EXT_CSD; > req_to_mmc_queue_req(req)->drv_op_data = &ext_csd; > blk_execute_rq(mq->queue, NULL, req, 0); > -- > 1.9.1 >