RE: [PATCH] scsi: storvsc_device_destroy NULL pointer fix
From: KY Srinivasan
Date: Thu Feb 27 2014 - 21:08:37 EST
> -----Original Message-----
> From: Ales Novak [mailto:alnovak@xxxxxxx]
> Sent: Thursday, February 27, 2014 2:04 AM
> To: KY Srinivasan; James E.J. Bottomley
> Cc: linux-scsi@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx;
> jkosina@xxxxxxx; Ales Novak; Thomas Abraham
> Subject: [PATCH] scsi: storvsc_device_destroy NULL pointer fix
>
> If the initialization of storvsc fails, the storvsc_device_destroy() causes NULL
> pointer dereference.
>
> storvsc_bus_scan()
> scsi_scan_target()
> __scsi_scan_target()
> scsi_probe_and_add_lun(hostdata=NULL)
> scsi_alloc_sdev(hostdata=NULL)
>
> sdev->hostdata = hostdata
>
> now the host allocation fails
>
> __scsi_remove_device(sdev)
>
> calls sdev->host->hostt->slave_destroy() ==
> storvsc_device_destroy(sdev)
> access of sdev->hostdata->request_mempool
>
> Signed-off-by: Ales Novak <alnovak@xxxxxxx>
> Signed-off-by: Thomas Abraham <tabraham@xxxxxxxx>
> Acked-by: Jiri Kosina <jkosina@xxxxxxx>
Signed-off-by: K. Y. Srinivasan <kys@xxxxxxxxxxxxx>
> ---
> drivers/scsi/storvsc_drv.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c index
> 17d7404..9969fa1 100644
> --- a/drivers/scsi/storvsc_drv.c
> +++ b/drivers/scsi/storvsc_drv.c
> @@ -1419,6 +1419,9 @@ static void storvsc_device_destroy(struct
> scsi_device *sdevice) {
> struct stor_mem_pools *memp = sdevice->hostdata;
>
> + if (!memp)
> + return;
> +
> mempool_destroy(memp->request_mempool);
> kmem_cache_destroy(memp->request_pool);
> kfree(memp);
> --
> 1.8.1.4
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/