public inbox for linux-mmc@vger.kernel.org
 help / color / mirror / Atom feed
* [PATCH] mmc: block: blk-mq: Potential NULL deref on mmc_blk_alloc_req() failure
@ 2017-12-08 11:55 Dan Carpenter
  2017-12-08 12:02 ` Adrian Hunter
  2017-12-11 12:29 ` Ulf Hansson
  0 siblings, 2 replies; 3+ messages in thread
From: Dan Carpenter @ 2017-12-08 11:55 UTC (permalink / raw)
  To: Ulf Hansson, Adrian Hunter
  Cc: Linus Walleij, Shawn Lin, linux-mmc, kernel-janitors

mmc_blk_alloc_req() is supposed to return error pointers but there is
one path where we forget to set the error code and accidentally return
NULL.  The callers are not expecting that and will have a NULL pointer
dereference.

Fixes: 23da8bed11f2 ("mmc: block: Simplify cleaning up the queue")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
index ab384ba6cb37..6af2b660b1f7 100644
--- a/drivers/mmc/core/block.c
+++ b/drivers/mmc/core/block.c
@@ -3037,6 +3037,7 @@ static struct mmc_blk_data *mmc_blk_alloc_req(struct mmc_card *card,
 	 */
 	if (!blk_get_queue(md->queue.queue)) {
 		mmc_cleanup_queue(&md->queue);
+		ret = -ENODEV;
 		goto err_putdisk;
 	}
 

^ permalink raw reply related	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-12-11 12:29 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-12-08 11:55 [PATCH] mmc: block: blk-mq: Potential NULL deref on mmc_blk_alloc_req() failure Dan Carpenter
2017-12-08 12:02 ` Adrian Hunter
2017-12-11 12:29 ` Ulf Hansson

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox