Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit eb571eea authored by Joe Lawrence's avatar Joe Lawrence Committed by Jens Axboe
Browse files

block,scsi: verify return pointer from blk_get_request 



The blk-core dead queue checks introduce an error scenario to
blk_get_request that returns NULL if the request queue has been
shutdown. This affects the behavior for __GFP_WAIT callers, who should
verify the return value before dereferencing.

Signed-off-by: default avatarJoe Lawrence <joe.lawrence@stratus.com>
Acked-by: Jiri Kosina <jkosina@suse.cz> [for pktdvd]
Reviewed-by: default avatarJeff Moyer <jmoyer@redhat.com>
Signed-off-by: default avatarJens Axboe <axboe@fb.com>
parent 52addcf9

block/scsi_ioctl.c

+8 −1
Original line number Diff line number Diff line
@@ -448,6 +448,10 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, 
	}



	rq = blk_get_request(q, in_len ? WRITE : READ, __GFP_WAIT);

	if (!rq) {

		err = -ENODEV;

		goto error_free_buffer;

	}



	cmdlen = COMMAND_SIZE(opcode);
@@ -520,8 +524,9 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, 
	}

	

error:

	kfree(buffer);

	blk_put_request(rq);

error_free_buffer:

	kfree(buffer);

	return err;

}

EXPORT_SYMBOL_GPL(sg_scsi_ioctl);
@@ -534,6 +539,8 @@ static int __blk_send_generic(struct request_queue *q, struct gendisk *bd_disk, 
	int err;



	rq = blk_get_request(q, WRITE, __GFP_WAIT);

	if (!rq)

		return -ENODEV;

	blk_rq_set_block_pc(rq);

	rq->timeout = BLK_DEFAULT_SG_TIMEOUT;

	rq->cmd[0] = cmd;

drivers/block/paride/pd.c

+2 −0
Original line number Diff line number Diff line
@@ -722,6 +722,8 @@ static int pd_special_command(struct pd_unit *disk, 
	int err = 0;



	rq = blk_get_request(disk->gd->queue, READ, __GFP_WAIT);

	if (!rq)

		return -ENODEV;



	rq->cmd_type = REQ_TYPE_SPECIAL;

	rq->special = func;

drivers/block/pktcdvd.c

+2 −0
Original line number Diff line number Diff line
@@ -704,6 +704,8 @@ static int pkt_generic_packet(struct pktcdvd_device *pd, struct packet_command * 


	rq = blk_get_request(q, (cgc->data_direction == CGC_DATA_WRITE) ?

			     WRITE : READ, __GFP_WAIT);

	if (!rq)

		return -ENODEV;

	blk_rq_set_block_pc(rq);



	if (cgc->buflen) {

drivers/scsi/scsi_error.c

+2 −0
Original line number Diff line number Diff line
@@ -1960,6 +1960,8 @@ static void scsi_eh_lock_door(struct scsi_device *sdev) 
	 * request becomes available

	 */

	req = blk_get_request(sdev->request_queue, READ, GFP_KERNEL);

	if (!req)

		return;



	blk_rq_set_block_pc(req);