On 8 December 2017 at 12:55, Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
> mmc_blk_alloc_req() is supposed to return error pointers but there is
> one path where we forget to set the error code and accidentally return
> NULL. The callers are not expecting that and will have a NULL pointer
> dereference.
>
> Fixes: 23da8bed11f2 ("mmc: block: Simplify cleaning up the queue")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Thanks, applied for next!
Kind regards
Uffe
>
> diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
> index ab384ba6cb37..6af2b660b1f7 100644
> --- a/drivers/mmc/core/block.c
> +++ b/drivers/mmc/core/block.c
> @@ -3037,6 +3037,7 @@ static struct mmc_blk_data *mmc_blk_alloc_req(struct mmc_card *card,
> */
> if (!blk_get_queue(md->queue.queue)) {
> mmc_cleanup_queue(&md->queue);
> + ret = -ENODEV;
> goto err_putdisk;
> }
>
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
