From patchwork Fri Dec  8 11:55:16 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dan Carpenter <dan.carpenter@oracle.com>
X-Patchwork-Id: 10102405
Return-Path: <linux-mmc-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	3C049602A0 for <patchwork-linux-mmc@patchwork.kernel.org>;
	Fri,  8 Dec 2017 11:55:45 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3B0A728BB4
	for <patchwork-linux-mmc@patchwork.kernel.org>;
	Fri,  8 Dec 2017 11:55:45 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 2FD5E28B7D; Fri,  8 Dec 2017 11:55:45 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_HI, T_DKIM_INVALID,
	UNPARSEABLE_RELAY autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E07A628BB4
	for <patchwork-linux-mmc@patchwork.kernel.org>;
	Fri,  8 Dec 2017 11:55:43 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753194AbdLHLzm (ORCPT
	<rfc822;patchwork-linux-mmc@patchwork.kernel.org>);
	Fri, 8 Dec 2017 06:55:42 -0500
Received: from aserp2120.oracle.com ([141.146.126.78]:38148 "EHLO
	aserp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753303AbdLHLzi (ORCPT
	<rfc822;linux-mmc@vger.kernel.org>); Fri, 8 Dec 2017 06:55:38 -0500
Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1])
	by aserp2120.oracle.com (8.16.0.21/8.16.0.21) with SMTP id
	vB8BpTvX146509; Fri, 8 Dec 2017 11:55:32 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com;
	h=date : from : to : cc
	: subject : message-id : mime-version : content-type;
	s=corp-2017-10-26;
	bh=SAD+1/ktiVWZ2sdLbV/Ijy03mRHoNnfs310fNO+nrS0=;
	b=cA60b7jxLyTU5IAQLU7pjSx54IL9vEohSlTe9sX5Xos28a/zTZShPpwCW59SkvuzH582
	9TkLqDrr77tm5br8e7Qo7xYKUMkUVQH71RjW2QdAsipi1g3kGmw97Xz8Y/H3QlKUhXSg
	78xwCOE5DbO4zgzXj+PEGgwLJUtfhxGXae2sj8ju8P5RFMMOnQSi3vx8hIfXkeFfslsE
	qVSJJ3XPDGBNboslYXNByCUPQ6ZWWEgPGXRuaOpZdecZ5fzz2i4QvE7CvNrAUGVW5YK4
	l+KYhhPCwvydMIdIxEMAkn40R2GeUMNx/rdr2jwyWJiYpPqspNIrWizydHtL9GVTZ3MH
	Zg==
Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234])
	by aserp2120.oracle.com with ESMTP id 2eqt4w01k8-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Fri, 08 Dec 2017 11:55:32 +0000
Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72])
	by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id vB8BtViI000629
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Fri, 8 Dec 2017 11:55:31 GMT
Received: from abhmp0013.oracle.com (abhmp0013.oracle.com [141.146.116.19])
	by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id
	vB8BtUDY032465; Fri, 8 Dec 2017 11:55:30 GMT
Received: from mwanda (/197.157.0.59)
	by default (Oracle Beehive Gateway v4.0)
	with ESMTP ; Fri, 08 Dec 2017 03:55:28 -0800
Date: Fri, 8 Dec 2017 14:55:16 +0300
From: Dan Carpenter <dan.carpenter@oracle.com>
To: Ulf Hansson <ulf.hansson@linaro.org>,
	Adrian Hunter <adrian.hunter@intel.com>
Cc: Linus Walleij <linus.walleij@linaro.org>,
	Shawn Lin <shawn.lin@rock-chips.com>,
	linux-mmc@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: [PATCH] mmc: block: blk-mq: Potential NULL deref on
	mmc_blk_alloc_req() failure
Message-ID: <20171208115516.3h55rvjq54hyfecq@mwanda>
MIME-Version: 1.0
Content-Disposition: inline
X-Mailer: git-send-email haha only kidding
User-Agent: NeoMutt/20170609 (1.8.3)
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8738
	signatures=668644
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0
	suspectscore=0 malwarescore=0
	phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=985
	adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
	engine=8.0.1-1711220000 definitions=main-1712080171
Sender: linux-mmc-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-mmc.vger.kernel.org>
X-Mailing-List: linux-mmc@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

mmc_blk_alloc_req() is supposed to return error pointers but there is
one path where we forget to set the error code and accidentally return
NULL.  The callers are not expecting that and will have a NULL pointer
dereference.

Fixes: 23da8bed11f2 ("mmc: block: Simplify cleaning up the queue")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
---
To unsubscribe from this list: send the line "unsubscribe linux-mmc" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
index ab384ba6cb37..6af2b660b1f7 100644
--- a/drivers/mmc/core/block.c
+++ b/drivers/mmc/core/block.c
@@ -3037,6 +3037,7 @@ static struct mmc_blk_data *mmc_blk_alloc_req(struct mmc_card *card,
 	 */
 	if (!blk_get_queue(md->queue.queue)) {
 		mmc_cleanup_queue(&md->queue);
+		ret = -ENODEV;
 		goto err_putdisk;
 	}