From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Fri, 8 Dec 2017 14:55:16 +0300
Subject: mmc: block: blk-mq: Potential NULL deref on mmc_blk_alloc_req()
 failure
Git-commit: 2361bfb055f948eac6583fa3c75a014da84fe554
Patch-mainline: v4.16-rc1
References: FATE#324519

mmc_blk_alloc_req() is supposed to return error pointers but there is
one path where we forget to set the error code and accidentally return
NULL.  The callers are not expecting that and will have a NULL pointer
dereference.

Fixes: 41e3efd07d5a ("mmc: block: Simplify cleaning up the queue")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Acked-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
---
 drivers/mmc/core/block.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
index 579fc0bd722f..654fc1ebd675 100644
--- a/drivers/mmc/core/block.c
+++ b/drivers/mmc/core/block.c
@@ -2328,6 +2328,7 @@ static struct mmc_blk_data *mmc_blk_alloc_req(struct mmc_card *card,
 	 */
 	if (!blk_get_queue(md->queue.queue)) {
 		mmc_cleanup_queue(&md->queue);
+		ret = -ENODEV;
 		goto err_putdisk;
 	}
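Review bot: The `ret = -ENODEV;` added in the `!blk_get_queue(md->queue.queue)` branch covers only this one jump to `err_putdisk`, and the hunk does not show whether the other jumps to the error labels in mmc_blk_alloc_req() assign `ret` first. Since the commit message says callers expect error pointers and do not handle NULL, it would be worth confirming that every `goto` into the error path sets a negative `ret` beforehand, or making the error path itself refuse to return with `ret == 0`. The commit message could also say in one line why -ENODEV is the right code for a failed blk_get_queue(), since neither the message nor the visible context explains the choice.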