From patchwork Thu Sep 10 02:24:03 2015
X-Patchwork-Submitter: Ken Xue
X-Patchwork-Id: 7150081
Message-ID: <1441851843.5845.106.camel@kxue-X58A-UD3R>
Subject: [PATCH 2/2] SCSI: Fix NULL pointer dereference in RTPM of block layer
From: Ken Xue
To: Alan Stern
Date: Thu, 10 Sep 2015 10:24:03 +0800
X-Mailing-List: linux-scsi@vger.kernel.org

SCSI: Fix NULL pointer dereference in RTPM of block layer

The routines in scsi_pm.c assume that if a runtime-PM callback is invoked for a SCSI device, it can only mean that the device's driver has asked the block layer to handle the runtime power management (by calling blk_pm_runtime_init(), which among other things sets q->dev).

However, this assumption turns out to be wrong for things like the ses driver. Normally ses devices are not allowed to do runtime PM, but userspace can override this setting. If this happens, the kernel gets a NULL pointer dereference when blk_post_runtime_resume() tries to use the uninitialized q->dev pointer.

This patch fixes the problem by checking q->dev in the block layer before handling runtime PM. Since ses doesn't define any PM callbacks and call blk_pm_runtime_init(), the crash won't occur.

This fixes Bugzilla #101371.
https://bugzilla.kernel.org/show_bug.cgi?id=101371

Signed-off-by: Ken Xue
Acked-by: Alan Stern
Cc: stable@vger.kernel.org
--- block/blk-core.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/block/blk-core.c b/block/blk-core.c index 60912e9..a07ab18 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -3280,6 +3280,9 @@ int blk_pre_runtime_suspend(struct request_queue *q) { int ret = 0; + if (!q->dev) + return ret; + spin_lock_irq(q->queue_lock); if (q->nr_pending) { ret = -EBUSY; @@ -3307,6 +3310,9 @@ EXPORT_SYMBOL(blk_pre_runtime_suspend); */ void blk_post_runtime_suspend(struct request_queue *q, int err) { + if (!q->dev) + return; + spin_lock_irq(q->queue_lock); if (!err) { q->rpm_status = RPM_SUSPENDED; 
@@ -3331,6 +3337,9 @@ EXPORT_SYMBOL(blk_post_runtime_suspend); */ void blk_pre_runtime_resume(struct request_queue *q) { + if (!q->dev) + return; + spin_lock_irq(q->queue_lock); q->rpm_status = RPM_RESUMING; spin_unlock_irq(q->queue_lock); @@ -3353,6 +3362,9 @@ EXPORT_SYMBOL(blk_pre_runtime_resume); */ void blk_post_runtime_resume(struct request_queue *q, int err) { + if (!q->dev) + return; + spin_lock_irq(q->queue_lock); if (!err) { q->rpm_status = RPM_ACTIVE;
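Review bot: In the blk_pre_runtime_suspend() hunk, the new early exit is written `return ret;`, which only means success because ret has not been touched since `int ret = 0;`. Spell it as `return 0;` so it is obvious at the call site that a queue without q->dev reports success rather than -EBUSY, and so a later change to the initializer cannot silently alter this path.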
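Review bot: The kernel-doc comments that close just above blk_post_runtime_suspend(), blk_pre_runtime_resume() and blk_post_runtime_resume() (the `*/` context lines in the last three hunks) are not updated, so the new silent return on `!q->dev` is undocumented. Add a sentence to each saying the function does nothing for a queue on which blk_pm_runtime_init() was never called; since the identical guard now appears four times, a small static helper carrying that comment in one place would also do.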
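Review bot: In the blk_post_runtime_resume() hunk, `if (!q->dev)` is evaluated before `spin_lock_irq(q->queue_lock)`, so q->dev is read without the queue lock. If q->dev is only ever assigned once in blk_pm_runtime_init(), as the commit message implies, a short comment stating that would show why the unlocked test is safe; otherwise the check belongs under the lock.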