From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from aserp2130.oracle.com ([141.146.126.79]:51554 "EHLO aserp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751554AbdLLC6F (ORCPT ); Mon, 11 Dec 2017 21:58:05 -0500
To: Bart Van Assche
Cc: Jens Axboe, linux-block@vger.kernel.org, linux-scsi@vger.kernel.org, Christoph Hellwig, "James E . J . Bottomley", "Martin K . Petersen", Ming Lei, Hannes Reinecke, Johannes Thumshirn, stable@vger.kernel.org
Subject: Re: [PATCH v2 1/3] scsi: Fix a scsi_show_rq() NULL pointer dereference
From: "Martin K. Petersen"
References: <20171206005753.28734-1-bart.vanassche@wdc.com> <20171206005753.28734-2-bart.vanassche@wdc.com>
Date: Mon, 11 Dec 2017 21:57:46 -0500
In-Reply-To: <20171206005753.28734-2-bart.vanassche@wdc.com> (Bart Van Assche's message of "Tue, 5 Dec 2017 16:57:51 -0800")
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain
Sender: stable-owner@vger.kernel.org
List-ID:

Bart,

> Avoid that scsi_show_rq() triggers a NULL pointer dereference if
> called after sd_uninit_command(). Swap the NULL pointer assignment
> and the mempool_free() call in sd_uninit_command() to make it less
> likely that scsi_show_rq() triggers a use-after-free. Note: even
> with these changes scsi_show_rq() can trigger a use-after-free but
> that's a lesser evil than e.g. suppressing debug information for
> T10-PI commands completely. This patch fixes the following oops:

Applied to 4.15/scsi-fixes. Thanks, Bart.

-- 
Martin K. Petersen	Oracle Linux Engineering
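
The ordering the quoted commit message describes, modelled in user space as an added example (not the kernel patch and not code from this thread). `struct cmd`, `pool_slot`, `pool_free`, `POISON` and both `uninit_*` functions are hypothetical stand-ins, and the debug reader is called between the two teardown steps so the interleaving is deterministic.

```c
#include <stdio.h>
#include <string.h>

#define CDB_LEN 16
#define POISON  0x6b    /* constructed marker for freed pool memory */
/* Hypothetical stand-ins for the SCSI command and one CDB pool slot. */
struct cmd { unsigned char *cmnd; };
static unsigned char pool_slot[CDB_LEN];
static void pool_free(unsigned char *p) { memset(p, POISON, CDB_LEN); }

static void setup(struct cmd *c)
{
    memset(pool_slot, 0x28, CDB_LEN);   /* constructed CDB bytes */
    c->cmnd = pool_slot;
}

/* Debug reader: load the pointer once and skip the dump when it is NULL.
 * Returns 1 = dumped live CDB, 0 = skipped, -1 = read freed memory. */
static int show_rq(const struct cmd *c)
{
    const unsigned char *cdb = c->cmnd;
    if (!cdb)
        return 0;
    return cdb[0] == POISON ? -1 : 1;
}

/* Old order: the reader lands after the free, pointer still set. */
static int uninit_free_then_null(struct cmd *c)
{
    pool_free(c->cmnd);
    int seen = show_rq(c);
    c->cmnd = NULL;
    return seen;
}

/* Swapped order: the reader lands after the NULL store, before the free. */
static int uninit_null_then_free(struct cmd *c)
{
    unsigned char *cdb = c->cmnd;
    c->cmnd = NULL;
    int seen = show_rq(c);
    pool_free(cdb);
    return seen;
}

int main(void)
{
    struct cmd c;
    setup(&c); printf("free, then NULL: %d\n", uninit_free_then_null(&c));
    setup(&c); printf("NULL, then free: %d\n", uninit_null_then_free(&c));
}
```

The window the commit message says remains is a reader that loaded `cmnd` before the NULL store; neither order closes it.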