Re: [PATCH 4.1 70/78] SCSI: Fix NULL pointer dereference in runtime PM

From: Alan Stern
Date: Sat Sep 12 2015 - 13:37:12 EST


On Fri, 11 Sep 2015, Greg Kroah-Hartman wrote:

> 4.1-stable review patch. If anyone has any objections, please let me know.

It turns out that this patch causes problems with the sr driver. A
reversion and alternate solution have already been submitted to James
Bottomley (http://marc.info/?l=linux-scsi&m=144185206825609&w=2). We
ought to hold off putting it into the -stable kernels.

Alan Stern

> ------------------
>
> From: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>
>
> commit 49718f0fb8c9af192b33d8af3a2826db04025371 upstream.
>
> The routines in scsi_rpm.c assume that if a runtime-PM callback is
> invoked for a SCSI device, it can only mean that the device's driver
> has asked the block layer to handle the runtime power management (by
> calling blk_pm_runtime_init(), which among other things sets q->dev).
>
> However, this assumption turns out to be wrong for things like the ses
> driver. Normally ses devices are not allowed to do runtime PM, but
> userspace can override this setting. If this happens, the kernel gets
> a NULL pointer dereference when blk_post_runtime_resume() tries to use
> the uninitialized q->dev pointer.
>
> This patch fixes the problem by calling the block layer's runtime-PM
> routines only if the device's driver really does have a runtime-PM
> callback routine. Since ses doesn't define any such callbacks, the
> crash won't occur.
>
> This fixes Bugzilla #101371.
>
> Signed-off-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>
> Reported-by: Stanisław Pitucha <viraptor@xxxxxxxxx>
> Reported-by: Ilan Cohen <ilanco@xxxxxxxxx>
> Tested-by: Ilan Cohen <ilanco@xxxxxxxxx>
> Reviewed-by: Johannes Thumshirn <jthumshirn@xxxxxxx>
> Signed-off-by: James Bottomley <JBottomley@xxxxxxxx>
> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
