Re: [PATCH] SCSI: mvsas: Fix NULL pointer dereference in mvs_slot_task_free

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, 2015-10-21 at 16:18 +0300, Dāvis Mosāns wrote:
> 2015-10-21 10:33 GMT+03:00 Johannes Thumshirn <jthumshirn@xxxxxxx>:
> > On Tue, 2015-10-20 at 20:41 +0300, Dāvis Mosāns wrote:
> > > 2015-08-21 7:29 GMT+03:00 Dāvis Mosāns <davispuh@xxxxxxxxx>:
> > > > When pci_pool_alloc fails in mvs_task_prep then task->lldd_task
> > > > stays
> > > > NULL but it's later used in mvs_abort_task as slot which is
> > > > passed
> > > > to mvs_slot_task_free causing NULL pointer dereference.
> > > > 
> > > > Just return from mvs_slot_task_free when passed with NULL slot.
> > > > 
> > > > Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=101891
> > > > Signed-off-by: Dāvis Mosāns <davispuh@xxxxxxxxx>
> > > > ---
> > > >  drivers/scsi/mvsas/mv_sas.c | 2 ++
> > > >  1 file changed, 2 insertions(+)
> > > > 
> > > > diff --git a/drivers/scsi/mvsas/mv_sas.c
> > > > b/drivers/scsi/mvsas/mv_sas.c
> > > > index 454536c..9c78074 100644
> > > > --- a/drivers/scsi/mvsas/mv_sas.c
> > > > +++ b/drivers/scsi/mvsas/mv_sas.c
> > > > @@ -887,6 +887,8 @@ static void mvs_slot_free(struct mvs_info
> > > > *mvi,
> > > > u32 rx_desc)
> > > >  static void mvs_slot_task_free(struct mvs_info *mvi, struct
> > > > sas_task *task,
> > > >                           struct mvs_slot_info *slot, u32
> > > > slot_idx)
> > > >  {
> > > > +       if (!slot)
> > > > +               return;
> > > >         if (!slot->task)
> > > >                 return;
> > > >         if (!sas_protocol_ata(task->task_proto))
> > > > --
> > > > 2.5.0
> > > > 
> > > 
> > > Can this get merged?
> > > So far since august it have saved me from several kernel crashes.
> > 
> > If it saved you from several crashes, it probably should be tagged
> > for
> > stable, shouldn't it?
> > 
> > Reviewed-by: Johannes Thumshirn <jthumshirn@xxxxxxx>
> > 
> > 
> 
> I don't really know how that works... this is my first patch so I'm
> not really concerned about in which version it gets in as long as it
> does.
> I've been compiling kernel with this patch for these months so for me
> it
> doesn't really make any difference.

You can add
Cc: stable@xxxxxxxxxxxxxxx
somewhere around your Signed-off-by 

Documentation/stable_kernel_rules.txt has all the process
documentation.
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]
  Powered by Linux