zhang / rpms / kernel

Forked from rpms/kernel 5 years ago
Clone
f2c60e
From 7afe9a8d7dca86a8f35250f21f5f0a62ea2fedf7 Mon Sep 17 00:00:00 2001
f2c60e
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
f2c60e
Date: Fri, 10 Feb 2012 14:56:13 -0500
f2c60e
Subject: [PATCH] scsi: sd_revalidate_disk prevent NULL ptr deref
f2c60e
f2c60e
Bugzilla: 754518
f2c60e
Upstream-status: Fedora mustard (might be worth dropping...)
f2c60e
---
f2c60e
 drivers/scsi/sd.c | 7 ++++++-
f2c60e
 1 file changed, 6 insertions(+), 1 deletion(-)
f2c60e
f2c60e
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
f2c60e
index 3d22fc3..07aec76 100644
f2c60e
--- a/drivers/scsi/sd.c
f2c60e
+++ b/drivers/scsi/sd.c
f2c60e
@@ -2825,7 +2825,7 @@ static inline u32 logical_to_sectors(struct scsi_device *sdev, u32 blocks)
f2c60e
 static int sd_revalidate_disk(struct gendisk *disk)
f2c60e
 {
f2c60e
 	struct scsi_disk *sdkp = scsi_disk(disk);
f2c60e
-	struct scsi_device *sdp = sdkp->device;
f2c60e
+	struct scsi_device *sdp;
f2c60e
 	struct request_queue *q = sdkp->disk->queue;
f2c60e
 	sector_t old_capacity = sdkp->capacity;
f2c60e
 	unsigned char *buffer;
f2c60e
@@ -2833,6 +2833,11 @@ static int sd_revalidate_disk(struct gendisk *disk)
f2c60e
 	SCSI_LOG_HLQUEUE(3, sd_printk(KERN_INFO, sdkp,
f2c60e
 				      "sd_revalidate_disk\n"));
f2c60e
 
f2c60e
+	if (WARN_ONCE((!sdkp), "Invalid scsi_disk from %p\n", disk))
f2c60e
+		goto out;
f2c60e
+
f2c60e
+	sdp = sdkp->device;
f2c60e
+
f2c60e
 	/*
f2c60e
 	 * If the device is offline, don't try and read capacity or any
f2c60e
 	 * of the other niceties.
f2c60e
-- 
f2c60e
2.5.0
f2c60e