* [PATCH 1/2] scsi_transport_fc: fix NULL pointer dereference in fc_bsg_job_timeout [not found] <20170906101109.9270-1-hch@lst.de> @ 2017-09-06 10:11 ` Christoph Hellwig 2017-09-06 10:59 ` Ming Lei 2017-09-06 10:11 ` [PATCH 2/2] bsg-lib: don't free job in bsg_prepare_job Christoph Hellwig 1 sibling, 1 reply; 4+ messages in thread From: Christoph Hellwig @ 2017-09-06 10:11 UTC (permalink / raw) To: axboe; +Cc: linux-block, linux-scsi, stable bsg-lib now embeddeds the job structure into the request, and req->special can't be used anymore. Signed-off-by: Christoph Hellwig <hch@lst.de> Cc: stable@vger.kernel.org --- drivers/scsi/scsi_transport_fc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/scsi_transport_fc.c b/drivers/scsi/scsi_transport_fc.c index 3c6bc0081fcb..d8de46806a1e 100644 --- a/drivers/scsi/scsi_transport_fc.c +++ b/drivers/scsi/scsi_transport_fc.c @@ -3571,7 +3571,7 @@ fc_vport_sched_delete(struct work_struct *work) static enum blk_eh_timer_return fc_bsg_job_timeout(struct request *req) { - struct bsg_job *job = (void *) req->special; + struct bsg_job *job = blk_mq_rq_to_pdu(req->special); struct Scsi_Host *shost = fc_bsg_to_shost(job); struct fc_rport *rport = fc_bsg_to_rport(job); struct fc_internal *i = to_fc_internal(shost->transportt); -- 2.11.0 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 1/2] scsi_transport_fc: fix NULL pointer dereference in fc_bsg_job_timeout 2017-09-06 10:11 ` [PATCH 1/2] scsi_transport_fc: fix NULL pointer dereference in fc_bsg_job_timeout Christoph Hellwig @ 2017-09-06 10:59 ` Ming Lei 2017-09-06 11:36 ` Christoph Hellwig 0 siblings, 1 reply; 4+ messages in thread From: Ming Lei @ 2017-09-06 10:59 UTC (permalink / raw) To: Christoph Hellwig; +Cc: Jens Axboe, linux-block, Linux SCSI List, stable On Wed, Sep 6, 2017 at 6:11 PM, Christoph Hellwig <hch@lst.de> wrote: > bsg-lib now embeddeds the job structure into the request, and req->special > can't be used anymore. > > Signed-off-by: Christoph Hellwig <hch@lst.de> > Cc: stable@vger.kernel.org > --- > drivers/scsi/scsi_transport_fc.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/scsi/scsi_transport_fc.c b/drivers/scsi/scsi_transport_fc.c > index 3c6bc0081fcb..d8de46806a1e 100644 > --- a/drivers/scsi/scsi_transport_fc.c > +++ b/drivers/scsi/scsi_transport_fc.c > @@ -3571,7 +3571,7 @@ fc_vport_sched_delete(struct work_struct *work) > static enum blk_eh_timer_return > fc_bsg_job_timeout(struct request *req) > { > - struct bsg_job *job = (void *) req->special; > + struct bsg_job *job = blk_mq_rq_to_pdu(req->special); still req->special? -- Ming Lei ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 1/2] scsi_transport_fc: fix NULL pointer dereference in fc_bsg_job_timeout 2017-09-06 10:59 ` Ming Lei @ 2017-09-06 11:36 ` Christoph Hellwig 0 siblings, 0 replies; 4+ messages in thread From: Christoph Hellwig @ 2017-09-06 11:36 UTC (permalink / raw) To: Ming Lei Cc: Christoph Hellwig, Jens Axboe, linux-block, Linux SCSI List, stable On Wed, Sep 06, 2017 at 06:59:39PM +0800, Ming Lei wrote: > On Wed, Sep 6, 2017 at 6:11 PM, Christoph Hellwig <hch@lst.de> wrote: > > bsg-lib now embeddeds the job structure into the request, and req->special > > can't be used anymore. > > > > Signed-off-by: Christoph Hellwig <hch@lst.de> > > Cc: stable@vger.kernel.org > > --- > > drivers/scsi/scsi_transport_fc.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/scsi/scsi_transport_fc.c b/drivers/scsi/scsi_transport_fc.c > > index 3c6bc0081fcb..d8de46806a1e 100644 > > --- a/drivers/scsi/scsi_transport_fc.c > > +++ b/drivers/scsi/scsi_transport_fc.c > > @@ -3571,7 +3571,7 @@ fc_vport_sched_delete(struct work_struct *work) > > static enum blk_eh_timer_return > > fc_bsg_job_timeout(struct request *req) > > { > > - struct bsg_job *job = (void *) req->special; > > + struct bsg_job *job = blk_mq_rq_to_pdu(req->special); > > still req->special? Meh, sent out before the rebase finished - I'll fix it up. ^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 2/2] bsg-lib: don't free job in bsg_prepare_job [not found] <20170906101109.9270-1-hch@lst.de> 2017-09-06 10:11 ` [PATCH 1/2] scsi_transport_fc: fix NULL pointer dereference in fc_bsg_job_timeout Christoph Hellwig @ 2017-09-06 10:11 ` Christoph Hellwig 1 sibling, 0 replies; 4+ messages in thread From: Christoph Hellwig @ 2017-09-06 10:11 UTC (permalink / raw) To: axboe; +Cc: linux-block, linux-scsi, stable The job structure is allocated as part of the request, so we should not free it in the error path of bsg_prepare_job. Signed-off-by: Christoph Hellwig <hch@lst.de> Cc: stable@vger.kernel.org --- block/bsg-lib.c | 1 - 1 file changed, 1 deletion(-) diff --git a/block/bsg-lib.c b/block/bsg-lib.c index c82408c7cc3c..dbddff8174e5 100644 --- a/block/bsg-lib.c +++ b/block/bsg-lib.c @@ -154,7 +154,6 @@ static int bsg_prepare_job(struct device *dev, struct request *req) failjob_rls_rqst_payload: kfree(job->request_payload.sg_list); failjob_rls_job: - kfree(job); return -ENOMEM; } -- 2.11.0 ^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-09-06 11:36 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20170906101109.9270-1-hch@lst.de>
2017-09-06 10:11 ` [PATCH 1/2] scsi_transport_fc: fix NULL pointer dereference in fc_bsg_job_timeout Christoph Hellwig
2017-09-06 10:59 ` Ming Lei
2017-09-06 11:36 ` Christoph Hellwig
2017-09-06 10:11 ` [PATCH 2/2] bsg-lib: don't free job in bsg_prepare_job Christoph Hellwig
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).