| From 26cd4d65deba587f3cf2329b6869ce02bcbe68ec Mon Sep 17 00:00:00 2001 |
| From: Xiaotian Feng <xtfeng@gmail.com> |
| Date: Thu, 13 Dec 2012 16:12:18 +0800 |
| Subject: libata: fix Null pointer dereference on disk error |
| |
| From: Xiaotian Feng <xtfeng@gmail.com> |
| |
| commit 26cd4d65deba587f3cf2329b6869ce02bcbe68ec upstream. |
| |
| Following oops were observed when disk error happened: |
| |
| [ 4272.896937] sd 0:0:0:0: [sda] Unhandled error code |
| [ 4272.896939] sd 0:0:0:0: [sda] Result: hostbyte=DID_BAD_TARGET driverbyte=DRIVER_OK |
| [ 4272.896942] sd 0:0:0:0: [sda] CDB: Read(10): 28 00 00 5a de a7 00 00 08 00 |
| [ 4272.896951] end_request: I/O error, dev sda, sector 5955239 |
| [ 4291.574947] BUG: unable to handle kernel NULL pointer dereference at (null) |
| [ 4291.658305] IP: [] ahci_activity_show+0x1/0x40 |
| [ 4291.730090] PGD 76dbbc067 PUD 6c4fba067 PMD 0 |
| [ 4291.783408] Oops: 0000 [#1] SMP |
| [ 4291.822100] last sysfs file: /sys/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0/sw_activity |
| [ 4291.934235] CPU 9 |
| [ 4291.958301] Pid: 27942, comm: hwinfo ...... |
| |
| ata_scsi_find_dev could return NULL, so ata_scsi_activity_{show,store} should check if atadev is NULL. |
| |
| Signed-off-by: Xiaotian Feng <dannyfeng@tencent.com> |
| Cc: James Bottomley <JBottomley@Parallels.com> |
| Signed-off-by: Jeff Garzik <jgarzik@redhat.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| drivers/ata/libata-scsi.c | 6 ++++-- |
| 1 file changed, 4 insertions(+), 2 deletions(-) |
| |
| --- a/drivers/ata/libata-scsi.c |
| +++ b/drivers/ata/libata-scsi.c |
| @@ -308,7 +308,8 @@ ata_scsi_activity_show(struct device *de |
| struct ata_port *ap = ata_shost_to_port(sdev->host); |
| struct ata_device *atadev = ata_scsi_find_dev(ap, sdev); |
| |
| - if (ap->ops->sw_activity_show && (ap->flags & ATA_FLAG_SW_ACTIVITY)) |
| + if (atadev && ap->ops->sw_activity_show && |
| + (ap->flags & ATA_FLAG_SW_ACTIVITY)) |
| return ap->ops->sw_activity_show(atadev, buf); |
| return -EINVAL; |
| } |
| @@ -323,7 +324,8 @@ ata_scsi_activity_store(struct device *d |
| enum sw_activity val; |
| int rc; |
| |
| - if (ap->ops->sw_activity_store && (ap->flags & ATA_FLAG_SW_ACTIVITY)) { |
| + if (atadev && ap->ops->sw_activity_store && |
| + (ap->flags & ATA_FLAG_SW_ACTIVITY)) { |
| val = simple_strtoul(buf, NULL, 0); |
| switch (val) { |
| case OFF: case BLINK_ON: case BLINK_OFF: |