[PATCH] ata: libata: fix ALL_SUB_MPAGES not to be performed when CDL is not supported

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In the previous commit 602bcf212637 ("ata: libata: Improve CDL resource
management"), the ata_cdl structure was added and the ata_cdl structure
memory was allocated with kzalloc(). Because of this, if CDL is not 
supported, dev->cdl is a NULL pointer, so additional work should never 
be done.

However, even if CDL is not supported now, if spg is ALL_SUB_MPAGES,
dereferencing dev->cdl will result in a NULL pointer dereference.

Therefore, I think it is appropriate to check dev->flags in 
ata_scsiop_mode_sense() if spg is ALL_SUB_MPAGES to see if CDL is supported.

Reported-by: syzbot+37757dc11ee77ef850bb@xxxxxxxxxxxxxxxxxxxxxxxxx
Tested-by: syzbot+37757dc11ee77ef850bb@xxxxxxxxxxxxxxxxxxxxxxxxx
Fixes: 602bcf212637 ("ata: libata: Improve CDL resource management")
Signed-off-by: Jeongjun Park <aha310510@xxxxxxxxx>
---
 drivers/ata/libata-scsi.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
index 3328a6febc13..6f5527f12b0e 100644
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -2442,7 +2442,9 @@ static unsigned int ata_scsiop_mode_sense(struct ata_scsi_args *args, u8 *rbuf)
 	if (spg) {
 		switch (spg) {
 		case ALL_SUB_MPAGES:
-			break;
+			if (dev->flags & ATA_DFLAG_CDL)
+				break;
+			fallthrough;
 		case CDL_T2A_SUB_MPAGE:
 		case CDL_T2B_SUB_MPAGE:
 		case ATA_FEATURE_SUB_MPAGE:
--




[Index of Archives]     [Linux Filesystems]     [Linux SCSI]     [Linux RAID]     [Git]     [Kernel Newbies]     [Linux Newbie]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Samba]     [Device Mapper]

  Powered by Linux