| From 6f117cb854a44a79898d844e6ae3fd23bd94e786 Mon Sep 17 00:00:00 2001 |
| From: Stefan Haberland <sth@linux.ibm.com> |
| Date: Mon, 16 Nov 2020 16:23:47 +0100 |
| Subject: s390/dasd: fix null pointer dereference for ERP requests |
| |
| From: Stefan Haberland <sth@linux.ibm.com> |
| |
| commit 6f117cb854a44a79898d844e6ae3fd23bd94e786 upstream. |
| |
| When requeueing all requests on the device request queue to the blocklayer |
| we might get to an ERP (error recovery) request that is a copy of an |
| original CQR. |
| |
| Those requests do not have blocklayer request information or a pointer to |
| the dasd_queue set. When trying to access those data it will lead to a |
| null pointer dereference in dasd_requeue_all_requests(). |
| |
| Fix by checking if the request is an ERP request that can simply be |
| ignored. The blocklayer request will be requeued by the original CQR that |
| is on the device queue right behind the ERP request. |
| |
| Fixes: 9487cfd3430d ("s390/dasd: fix handling of internal requests") |
| Cc: <stable@vger.kernel.org> #4.16 |
| Signed-off-by: Stefan Haberland <sth@linux.ibm.com> |
| Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com> |
| Signed-off-by: Jens Axboe <axboe@kernel.dk> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| drivers/s390/block/dasd.c | 6 ++++++ |
| 1 file changed, 6 insertions(+) |
| |
| --- a/drivers/s390/block/dasd.c |
| +++ b/drivers/s390/block/dasd.c |
| @@ -2833,6 +2833,12 @@ static int _dasd_requeue_request(struct |
| |
| if (!block) |
| return -EINVAL; |
| + /* |
| + * If the request is an ERP request there is nothing to requeue. |
| + * This will be done with the remaining original request. |
| + */ |
| + if (cqr->refers) |
| + return 0; |
| spin_lock_irq(&cqr->dq->lock); |
| req = (struct request *) cqr->callback_data; |
| blk_mq_requeue_request(req, false); |
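Review bot: the new `if (cqr->refers)` guard in _dasd_requeue_request() protects the `cqr->dq->lock` dereference only if every CQR that lacks a dasd_queue pointer also has `refers` set, and nothing in the hunk states or enforces that invariant. Consider saying in the comment that ERP copies are the only requests without `dq` and `callback_data`, or extend the check to also cover `!cqr->dq` so that a request with neither field set cannot reach `spin_lock_irq(&cqr->dq->lock)`. The early `return 0` is also indistinguishable from a completed requeue for the caller, so the comment could note that the caller must not treat 0 as "this block layer request was requeued" for ERP entries.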