projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 99c749a)
mtip32xx: fix dereference of stack garbage
authorJens Axboe <axboe@fb.com>
Fri, 21 Apr 2017 14:46:44 +0000 (08:46 -0600)
committerJens Axboe <axboe@fb.com>
Fri, 21 Apr 2017 14:46:44 +0000 (08:46 -0600)
We need to get the command payload from the request before
we attempt to dereference it.

Fixes: 4dda4735c581 ("mtip32xx: add a status field to struct mtip_cmd")
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
drivers/block/mtip32xx/mtip32xx.c patch | blob | blame | history

diff --git a/drivers/block/mtip32xx/mtip32xx.c b/drivers/block/mtip32xx/mtip32xx.c
index 66a6bd83faae8c74296f6a52e5feaab255894d77..54c8736038deff6d5308f6a916c96d11d4dfe124 100644 (file)
--- a/drivers/block/mtip32xx/mtip32xx.c
+++ b/drivers/block/mtip32xx/mtip32xx.c
@@ -4108,6 +4108,7 @@ static void mtip_no_dev_cleanup(struct request *rq, void *data, bool reserv)
        struct mtip_cmd *cmd;
 
        if (likely(!reserv)) {
+               cmd = blk_mq_rq_to_pdu(rq);
                cmd->status = -ENODEV;
                blk_mq_complete_request(rq);
        } else if (test_bit(MTIP_PF_IC_ACTIVE_BIT, &dd->port->flags)) {