Message-ID: <Pine.LNX.4.44L0.1509121333210.13622-100000@netrider.rowland.org>
Date:	Sat, 12 Sep 2015 13:37:02 -0400 (EDT)
From:	Alan Stern <stern@...land.harvard.edu>
To:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
cc:	linux-kernel@...r.kernel.org, <stable@...r.kernel.org>,
	Stanisław Pitucha <viraptor@...il.com>,
	Ilan Cohen <ilanco@...il.com>,
	Johannes Thumshirn <jthumshirn@...e.de>,
	James Bottomley <JBottomley@...n.com>
Subject: Re: [PATCH 4.1 70/78] SCSI: Fix NULL pointer dereference in runtime PM

On Fri, 11 Sep 2015, Greg Kroah-Hartman wrote:

> 4.1-stable review patch.  If anyone has any objections, please let me know.

It turns out that this patch causes problems with the sr driver.  A
reversion and alternate solution have already been submitted to James
Bottomley (http://marc.info/?l=linux-scsi&m=144185206825609&w=2).  We
ought to hold off putting it into the -stable kernels.

Alan Stern

> ------------------
> 
> From: Alan Stern <stern@...land.harvard.edu>
> 
> commit 49718f0fb8c9af192b33d8af3a2826db04025371 upstream.
> 
> The routines in scsi_rpm.c assume that if a runtime-PM callback is
> invoked for a SCSI device, it can only mean that the device's driver
> has asked the block layer to handle the runtime power management (by
> calling blk_pm_runtime_init(), which among other things sets q->dev).
> 
> However, this assumption turns out to be wrong for things like the ses
> driver.  Normally ses devices are not allowed to do runtime PM, but
> userspace can override this setting.  If this happens, the kernel gets
> a NULL pointer dereference when blk_post_runtime_resume() tries to use
> the uninitialized q->dev pointer.
> 
> This patch fixes the problem by calling the block layer's runtime-PM
> routines only if the device's driver really does have a runtime-PM
> callback routine.  Since ses doesn't define any such callbacks, the
> crash won't occur.
> 
> This fixes Bugzilla #101371.
> 
> Signed-off-by: Alan Stern <stern@...land.harvard.edu>
> Reported-by: Stanisław Pitucha <viraptor@...il.com>
> Reported-by: Ilan Cohen <ilanco@...il.com>
> Tested-by: Ilan Cohen <ilanco@...il.com>
> Reviewed-by: Johannes Thumshirn <jthumshirn@...e.de>
> Signed-off-by: James Bottomley <JBottomley@...n.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
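
Added example, not part of the original message or of the kernel source: a user-space C model of the failure the quoted commit message describes and of the guard it proposes (the reply above reports that this guard causes problems with the sr driver). Every struct and function name is a hypothetical stand-in, and the model returns an error code at the point where the kernel would dereference the NULL q->dev.

```c
#include <stddef.h>

/* User-space model only: every name below is a hypothetical stand-in. */
struct device { int resumed; };
struct request_queue { struct device *dev; };  /* dev is set only by PM init */
struct dev_pm_ops { int (*runtime_resume)(struct device *); };
struct scsi_dev {
    struct device dev;
    struct request_queue q;
    const struct dev_pm_ops *pm;  /* NULL: driver defines no PM callbacks */
};
enum { RESUME_OK = 0, RESUME_NULL_DEREF = -1 };

/* Models blk_pm_runtime_init(): the one place q->dev gets set. */
static void model_blk_pm_init(struct request_queue *q, struct device *d) { q->dev = d; }

/* Models blk_post_runtime_resume(): it uses q->dev unconditionally. */
static int model_blk_post_resume(struct request_queue *q)
{
    if (!q->dev) return RESUME_NULL_DEREF;  /* the kernel would dereference NULL here */
    q->dev->resumed++;
    return RESUME_OK;
}
/* Before: any runtime-PM callback is assumed to mean the queue was set up. */
static int resume_unguarded(struct scsi_dev *s)
{
    if (s->pm && s->pm->runtime_resume) s->pm->runtime_resume(&s->dev);
    return model_blk_post_resume(&s->q);
}

/* After, per the commit message: skip the block layer without a driver callback. */
static int resume_guarded(struct scsi_dev *s)
{
    if (!s->pm || !s->pm->runtime_resume) return RESUME_OK;
    s->pm->runtime_resume(&s->dev);
    return model_blk_post_resume(&s->q);
}

static int drv_resume(struct device *d) { (void)d; return 0; }
static const struct dev_pm_ops drv_pm = { drv_resume };
/* has_pm == 0: ses-like driver, runtime PM forced on from userspace. */
static int run_case(int has_pm, int guarded)
{
    struct scsi_dev s = { {0}, {NULL}, NULL };
    if (has_pm) { s.pm = &drv_pm; model_blk_pm_init(&s.q, &s.dev); }
    return guarded ? resume_guarded(&s) : resume_unguarded(&s);
}

int main(void) { return run_case(0, 0) == RESUME_NULL_DEREF && run_case(0, 1) == RESUME_OK ? 0 : 1; }
```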
