| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 May 2017 09:41:39 +0200
From: Johannes Thumshirn <jthumshirn@...e.de>
To: "Martin K . Petersen" <martin.petersen@...cle.com>
Cc: James Bottomley <jejb@...ux.vnet.ibm.com>,
Andrey Konovalov <andreyknvl@...gle.com>,
Linux Kernel Mailinglist <linux-kernel@...r.kernel.org>,
Linux SCSI Mailinglist <linux-scsi@...r.kernel.org>,
Johannes Thumshirn <jthumshirn@...e.de>,
Hannes Reinecke <hare@...e.de>, Christoph Hellwig <hch@....de>,
Doug Gilbert <dgilbert@...erlog.com>
Subject: [PATCH] scsi: sg: don't return bogus Sg_requests
If the list search in sg_get_rq_mark() fails to find a valid request, we
return a bogus element. This then can later lead to a GPF in sg_remove_scat().
So don't return bogus Sg_requests in sg_get_rq_mark() but NULL in case the
list search doesn't find a valid request.
Signed-off-by: Johannes Thumshirn <jthumshirn@...e.de>
Reported-by: Andrey Konovalov <andreyknvl@...gle.com>
Cc: Hannes Reinecke <hare@...e.de>
Cc: Christoph Hellwig <hch@....de>
Cc: Doug Gilbert <dgilbert@...erlog.com>
---
drivers/scsi/sg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index 0a38ba01b7b4..abfde23fa186 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -2078,7 +2078,7 @@ sg_get_rq_mark(Sg_fd * sfp, int pack_id)
}
}
write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
- return resp;
+ return (resp->done == 2) ? resp : NULL;
}
/* always adds to end of list */
--
2.12.0
Powered by blists - more mailing lists