block,scsi: verify return pointer from blk_get_request

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The blk-core dead queue checks introduce an error scenario to
blk_get_request that returns NULL if the request queue has been
shutdown. This affects the behavior for __GFP_WAIT callers, who should
verify the return value before dereferencing.

Signed-off-by: Joe Lawrence <joe.lawrence@stratus.com>
Acked-by: Jiri Kosina <jkosina@suse.cz> [for pktdvd]
Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Jens Axboe <axboe@fb.com>

authored by

Joe Lawrence and committed by

Jens Axboe 11 years ago eb571eea 52addcf9

+14 -1

4 changed files

expand all

block

scsi_ioctl.c

drivers

block

paride

pd.c

pktcdvd.c

scsi

scsi_error.c

+8 -1

block/scsi_ioctl.c

··· 448 448 } 449 449 450 450 rq = blk_get_request(q, in_len ? WRITE : READ, __GFP_WAIT); 451 + if (!rq) { 452 + err = -ENODEV; 453 + goto error_free_buffer; 454 + } 451 455 452 456 cmdlen = COMMAND_SIZE(opcode); 453 457 ··· 524 520 } 525 521 526 522 error: 527 - kfree(buffer); 528 523 blk_put_request(rq); 524 + error_free_buffer: 525 + kfree(buffer); 529 526 return err; 530 527 } 531 528 EXPORT_SYMBOL_GPL(sg_scsi_ioctl); ··· 539 534 int err; 540 535 541 536 rq = blk_get_request(q, WRITE, __GFP_WAIT); 537 + if (!rq) 538 + return -ENODEV; 542 539 blk_rq_set_block_pc(rq); 543 540 rq->timeout = BLK_DEFAULT_SG_TIMEOUT; 544 541 rq->cmd[0] = cmd;

drivers/block/paride/pd.c

··· 722 722 int err = 0; 723 723 724 724 rq = blk_get_request(disk->gd->queue, READ, __GFP_WAIT); 725 + if (!rq) 726 + return -ENODEV; 725 727 726 728 rq->cmd_type = REQ_TYPE_SPECIAL; 727 729 rq->special = func;

drivers/block/pktcdvd.c

··· 704 704 705 705 rq = blk_get_request(q, (cgc->data_direction == CGC_DATA_WRITE) ? 706 706 WRITE : READ, __GFP_WAIT); 707 + if (!rq) 708 + return -ENODEV; 707 709 blk_rq_set_block_pc(rq); 708 710 709 711 if (cgc->buflen) {

drivers/scsi/scsi_error.c

··· 1960 1960 * request becomes available 1961 1961 */ 1962 1962 req = blk_get_request(sdev->request_queue, READ, GFP_KERNEL); 1963 + if (!req) 1964 + return; 1963 1965 1964 1966 blk_rq_set_block_pc(req); 1965 1967