summaryrefslogtreecommitdiff
path: root/block/scsi_ioctl.c
diff options
context:
space:
mode:
authorJoe Lawrence <joe.lawrence@stratus.com>2014-07-02 23:35:16 +0400
committerJens Axboe <axboe@fb.com>2014-08-27 01:20:23 +0400
commiteb571eeade2598635f813b3284d02c13a380301e (patch)
tree539842ad23a4eaae8c272278fd9fea389afa6b93 /block/scsi_ioctl.c
parent52addcf9d6669fa439387610bc65c92fa0980cef (diff)
downloadlinux-eb571eeade2598635f813b3284d02c13a380301e.tar.xz
block,scsi: verify return pointer from blk_get_request
The blk-core dead queue checks introduce an error scenario to blk_get_request that returns NULL if the request queue has been shutdown. This affects the behavior for __GFP_WAIT callers, who should verify the return value before dereferencing. Signed-off-by: Joe Lawrence <joe.lawrence@stratus.com> Acked-by: Jiri Kosina <jkosina@suse.cz> [for pktdvd] Reviewed-by: Jeff Moyer <jmoyer@redhat.com> Signed-off-by: Jens Axboe <axboe@fb.com>
Diffstat (limited to 'block/scsi_ioctl.c')
-rw-r--r--block/scsi_ioctl.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
index 51bf5155ee75..29d056782833 100644
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -448,6 +448,10 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
}
rq = blk_get_request(q, in_len ? WRITE : READ, __GFP_WAIT);
+ if (!rq) {
+ err = -ENODEV;
+ goto error_free_buffer;
+ }
cmdlen = COMMAND_SIZE(opcode);
@@ -520,8 +524,9 @@ out:
}
error:
- kfree(buffer);
blk_put_request(rq);
+error_free_buffer:
+ kfree(buffer);
return err;
}
EXPORT_SYMBOL_GPL(sg_scsi_ioctl);
@@ -534,6 +539,8 @@ static int __blk_send_generic(struct request_queue *q, struct gendisk *bd_disk,
int err;
rq = blk_get_request(q, WRITE, __GFP_WAIT);
+ if (!rq)
+ return -ENODEV;
blk_rq_set_block_pc(rq);
rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
rq->cmd[0] = cmd;