[PATCH] [BUG] libata: NULL pointer panic in ata_eh_link_report()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I've been trying to boot the linux-next tree and my system is getting a
kernel panic from an attempt to dereference a NULL pointer inside
ata_eh_link_report(). The following commit introduced the bug.

commit: cbba5b0ee4c6c2fc8b78a21d0900099d480cf2e9

The bug appears when the local variable cdb_len is initialized with
qc->dev->cdb_len without first checking qc->flags for ATA_QCFLAG_FAILED.
For whatever reason, qc->dev is NULL when it runs through my
motherboard's Marvell 91xx Config ATA device.

Signed-off-by: Jack Williams <jacwil014@xxxxxxxxx>
---
 drivers/ata/libata-eh.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/ata/libata-eh.c b/drivers/ata/libata-eh.c
index 7478c8d0c2cb..b09efdd6d125 100644
--- a/drivers/ata/libata-eh.c
+++ b/drivers/ata/libata-eh.c
@@ -2481,16 +2481,18 @@ static void ata_eh_link_report(struct ata_link *link)
 	for (tag = 0; tag < ATA_MAX_QUEUE; tag++) {
 		struct ata_queued_cmd *qc = __ata_qc_from_tag(ap, tag);
 		struct ata_taskfile *cmd = &qc->tf, *res = &qc->result_tf;
 		const u8 *cdb = qc->cdb;
-		size_t cdb_len = qc->dev->cdb_len;
+		size_t cdb_len;
 		char data_buf[20] = "";
 		char cdb_buf[70] = "";
 
 		if (!(qc->flags & ATA_QCFLAG_FAILED) ||
 		    ata_dev_phys_link(qc->dev) != link || !qc->err_mask)
 			continue;
 
+		cdb_len = qc->dev->cdb_len;
+
 		if (qc->dma_dir != DMA_NONE) {
 			static const char *dma_str[] = {
 				[DMA_BIDIRECTIONAL]	= "bidi",
 				[DMA_TO_DEVICE]		= "out",
-- 
2.0.5

--
To unsubscribe from this list: send the line "unsubscribe linux-ide" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Filesystems]     [Linux SCSI]     [Linux RAID]     [Git]     [Kernel Newbies]     [Linux Newbie]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Samba]     [Device Mapper]

  Powered by Linux