Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753267AbbLCSjf (ORCPT <rfc822;w@1wt.eu>);
	Thu, 3 Dec 2015 13:39:35 -0500
Received: from mail-oi0-f44.google.com ([209.85.218.44]:35281 "EHLO
	mail-oi0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753239AbbLCSj3 (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 3 Dec 2015 13:39:29 -0500
Subject: Re: [PATCH 2/2] SCSI: Fix NULL pointer dereference in runtime PM
To: Ken Xue <ken.xue@amd.com>, linux-scsi@vger.kernel.org,
        linux-block@vger.kernel.org, stable@vger.kernel.org,
        linux-kernel@vger.kernel.org
References: <1448952346.3603.18.camel@kxue-X58A-UD3R>
Cc: Xiangliang.Yu@amd.com, stern@rowland.harvard.edu, JBottomley@Odin.com,
        SPG_Linux_Kernel@amd.com, michael.terry@canonical.com
From: Jens Axboe <axboe@kernel.dk>
Message-ID: <56608C5D.9080709@kernel.dk>
Date: Thu, 3 Dec 2015 11:39:25 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <1448952346.3603.18.camel@kxue-X58A-UD3R>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1321
Lines: 33

On 11/30/2015 11:45 PM, Ken Xue wrote:
> The routines in scsi_pm.c assume that if a runtime-PM callback is
> invoked for a SCSI device, it can only mean that the device's driver
> has asked the block layer to handle the runtime power management (by
> calling blk_pm_runtime_init(), which among other things sets q->dev).
>
> However, this assumption turns out to be wrong for things like the ses
> driver.  Normally ses devices are not allowed to do runtime PM, but
> userspace can override this setting.  If this happens, the kernel gets
> a NULL pointer dereference when blk_post_runtime_resume() tries to use
> the uninitialized q->dev pointer.
>
> This patch fixes the problem by checking q->dev in block layer before
> handle runtime PM. Since ses doesn't define any PM callbacks and call
> blk_pm_runtime_init(), the crash won't occur.
>
> This fixes Bugzilla #101371.
> https://bugzilla.kernel.org/show_bug.cgi?id=101371
>
> More discussion can be found from below link.
> http://marc.info/?l=linux-scsi&m=144163730531875&w=2
>

Added for 4.4, thanks.

-- 
Jens Axboe

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/