block,scsi: verify return pointer from blk_get_request
authorJoe Lawrence <joe.lawrence@stratus.com>
Wed, 2 Jul 2014 19:35:16 +0000 (15:35 -0400)
committerJens Axboe <axboe@fb.com>
Tue, 26 Aug 2014 21:20:23 +0000 (15:20 -0600)
The blk-core dead queue checks introduce an error scenario to
blk_get_request that returns NULL if the request queue has been
shutdown. This affects the behavior for __GFP_WAIT callers, who should
verify the return value before dereferencing.

Signed-off-by: Joe Lawrence <joe.lawrence@stratus.com>
Acked-by: Jiri Kosina <jkosina@suse.cz> [for pktdvd]
Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
block/scsi_ioctl.c
drivers/block/paride/pd.c
drivers/block/pktcdvd.c
drivers/scsi/scsi_error.c

index 51bf5155ee756a4ac479e9c49fcf88824b0aeedc..29d056782833f1504fd2d10b402679fd63682f09 100644 (file)
@@ -448,6 +448,10 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
        }
 
        rq = blk_get_request(q, in_len ? WRITE : READ, __GFP_WAIT);
+       if (!rq) {
+               err = -ENODEV;
+               goto error_free_buffer;
+       }
 
        cmdlen = COMMAND_SIZE(opcode);
 
@@ -520,8 +524,9 @@ out:
        }
        
 error:
-       kfree(buffer);
        blk_put_request(rq);
+error_free_buffer:
+       kfree(buffer);
        return err;
 }
 EXPORT_SYMBOL_GPL(sg_scsi_ioctl);
@@ -534,6 +539,8 @@ static int __blk_send_generic(struct request_queue *q, struct gendisk *bd_disk,
        int err;
 
        rq = blk_get_request(q, WRITE, __GFP_WAIT);
+       if (!rq)
+               return -ENODEV;
        blk_rq_set_block_pc(rq);
        rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
        rq->cmd[0] = cmd;
index fea7e76a00de66e7d20dd6859ad851d8ecb40a35..ca831f741d8937e29a7c8a96d9f1661aa3811f8f 100644 (file)
@@ -722,6 +722,8 @@ static int pd_special_command(struct pd_unit *disk,
        int err = 0;
 
        rq = blk_get_request(disk->gd->queue, READ, __GFP_WAIT);
+       if (!rq)
+               return -ENODEV;
 
        rq->cmd_type = REQ_TYPE_SPECIAL;
        rq->special = func;
index 758ac442c5b5dd0e8c1d2e2689ac1a0d8c06604d..7fa8c80e8982604d8650b2469a53252c4727f020 100644 (file)
@@ -704,6 +704,8 @@ static int pkt_generic_packet(struct pktcdvd_device *pd, struct packet_command *
 
        rq = blk_get_request(q, (cgc->data_direction == CGC_DATA_WRITE) ?
                             WRITE : READ, __GFP_WAIT);
+       if (!rq)
+               return -ENODEV;
        blk_rq_set_block_pc(rq);
 
        if (cgc->buflen) {
index 5db8454474eefa7cae0e9a0274b2954381293e95..4c433bf47a06931a2d4416427574c9c828d97f4a 100644 (file)
@@ -1960,6 +1960,8 @@ static void scsi_eh_lock_door(struct scsi_device *sdev)
         * request becomes available
         */
        req = blk_get_request(sdev->request_queue, READ, GFP_KERNEL);
+       if (!req)
+               return;
 
        blk_rq_set_block_pc(req);