| Message ID | 20171208115516.3h55rvjq54hyfecq@mwanda (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 08/12/17 13:55, Dan Carpenter wrote: > mmc_blk_alloc_req() is supposed to return error pointers but there is > one path where we forget to set the error code and accidentally return > NULL. The callers are not expecting that and will have a NULL pointer > dereference. > > Fixes: 23da8bed11f2 ("mmc: block: Simplify cleaning up the queue") > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Adrian Hunter <adrian.hunter@intel.com> > > diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c > index ab384ba6cb37..6af2b660b1f7 100644 > --- a/drivers/mmc/core/block.c > +++ b/drivers/mmc/core/block.c > @@ -3037,6 +3037,7 @@ static struct mmc_blk_data *mmc_blk_alloc_req(struct mmc_card *card, > */ > if (!blk_get_queue(md->queue.queue)) { > mmc_cleanup_queue(&md->queue); > + ret = -ENODEV; > goto err_putdisk; > } > > -- To unsubscribe from this list: send the line "unsubscribe linux-mmc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 8 December 2017 at 12:55, Dan Carpenter <dan.carpenter@oracle.com> wrote: > mmc_blk_alloc_req() is supposed to return error pointers but there is > one path where we forget to set the error code and accidentally return > NULL. The callers are not expecting that and will have a NULL pointer > dereference. > > Fixes: 23da8bed11f2 ("mmc: block: Simplify cleaning up the queue") > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Thanks, applied for next! Kind regards Uffe > > diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c > index ab384ba6cb37..6af2b660b1f7 100644 > --- a/drivers/mmc/core/block.c > +++ b/drivers/mmc/core/block.c > @@ -3037,6 +3037,7 @@ static struct mmc_blk_data *mmc_blk_alloc_req(struct mmc_card *card, > */ > if (!blk_get_queue(md->queue.queue)) { > mmc_cleanup_queue(&md->queue); > + ret = -ENODEV; > goto err_putdisk; > } > -- To unsubscribe from this list: send the line "unsubscribe linux-mmc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index ab384ba6cb37..6af2b660b1f7 100644 --- a/drivers/mmc/core/block.c +++ b/drivers/mmc/core/block.c @@ -3037,6 +3037,7 @@ static struct mmc_blk_data *mmc_blk_alloc_req(struct mmc_card *card, */ if (!blk_get_queue(md->queue.queue)) { mmc_cleanup_queue(&md->queue); + ret = -ENODEV; goto err_putdisk; }
mmc_blk_alloc_req() is supposed to return error pointers but there is one path where we forget to set the error code and accidentally return NULL. The callers are not expecting that and will have a NULL pointer dereference. Fixes: 23da8bed11f2 ("mmc: block: Simplify cleaning up the queue") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> -- To unsubscribe from this list: send the line "unsubscribe linux-mmc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html