On 12/04/2011 02:23 AM, psomas@xxxxxxxxxx wrote:
> From: Stratos Psomadakis <psomas@xxxxxxxxxx>
>
> sym53c8xx_slave_destroy unconditionally assumes that sym53c8xx_slave_alloc has
> succesesfully allocated a sym_lcb. This can lead to a NULL pointer dereference
> (exposed by commit 4e6c82b).
>
> Signed-off-by: Stratos Psomadakis <psomas@xxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> ---
>
> drivers/scsi/sym53c8xx_2/sym_glue.c | 4 ++++
> 1 files changed, 4 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/scsi/sym53c8xx_2/sym_glue.c b/drivers/scsi/sym53c8xx_2/sym_glue.c
> index b4543f5..76432f8 100644
> --- a/drivers/scsi/sym53c8xx_2/sym_glue.c
> +++ b/drivers/scsi/sym53c8xx_2/sym_glue.c
> @@ -839,6 +839,10 @@ static void sym53c8xx_slave_destroy(struct scsi_device *sdev)
> struct sym_lcb *lp = sym_lp(tp, sdev->lun);
> unsigned long flags;
>
> + /* if slave_alloc returned before allocating a sym_lcb, return */
> + if (!lp)
> + return;
> +
> spin_lock_irqsave(np->s.host->host_lock, flags);
>
> if (lp->busy_itlq || lp->busy_itl) {
resent (directly to the SCSI and sym53c8xx_2 maintainers)
--
Stratos Psomadakis
<psomas@xxxxxxxxxx>
Attachment:
signature.asc
Description: OpenPGP digital signature
