Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1254522pxu; Mon, 23 Nov 2020 16:06:39 -0800 (PST) X-Google-Smtp-Source: ABdhPJwaewGK6ntyC1uWlwU+iSs817Y4Q9+ICUn7C7WV35lql2Zd95fHzibyJwzAooC0hujzUaLk X-Received: by 2002:a05:6402:553:: with SMTP id i19mr1596787edx.194.1606176398869; Mon, 23 Nov 2020 16:06:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1606176398; cv=none; d=google.com; s=arc-20160816; b=ckLh1R8kYRKVMTDHnx0qQTXA6YnS2rK1AtYORSJY+xSsI9G6usJreNw1s93Qo0U13y lJNnJccM1U22yZFUJ3GBdhtKMsPmZIJC85lsziziRKzdqRFPMDQdwizhECn7nzsQZmq/ GcRl3Ux3CRVBufKL38pbY/4xUUWGWnuiqvN6Yyvsl9Mliph9qWbSTEvm3Em/N1CnfcrP rdjZM/29cQlb1FPg29lG7AddxBKbLiTsSFUEa203ZOcHTS4cZN+l2PZfl056KUK6auhN J6v6MEYg07mrwDbdm1bAKqEd2anJDrZc70OW4gV+bLup8UpycKM0CUl1ernUT4NA2hkk S8fw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=UBXFuAc/EQcrS+PzC3aCMZkhDuNuLBZVsUr5ugcr108=; b=0xeHmP3V/vNmYnhehGCO2H8xMOiycnoUK0Zm8hT1Xmof0U5p3Voplr6Wme7anc9mVG zlIblKEYz3gOUaZCJiBH7OvN7cSpN34zuH3Mtz6shgkhke+b0tkyy6cFE4r7twfT/skn x1IeO7UJW+EEl1G7kEiFzhs2p6BXGVpn2bYq7Fw/a0wzZ0kb/k290fXDjksRgApg1/AV 4B0qj+MitH/il795+9PGMS97NyyxugNhO1G+hpnTSIYxzVn5L4afhw/MGSEdlyofbCjh sqRqoLunMB4Y87x8KmZFMWvNnS7EvAw+odDXDiYaGODhiF1J9xTUZ3/LUNYA2DpKhX70 /kgg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=zuj38Vqw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id qt18si7200707ejb.602.2020.11.23.16.06.16; Mon, 23 Nov 2020 16:06:38 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=zuj38Vqw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389112AbgKWNZV (ORCPT + 99 others); Mon, 23 Nov 2020 08:25:21 -0500 Received: from mail.kernel.org ([198.145.29.99]:44818 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731201AbgKWMdW (ORCPT ); Mon, 23 Nov 2020 07:33:22 -0500 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9732F2065E; Mon, 23 Nov 2020 12:33:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1606134802; bh=C7Hi/j+sT6uRjChEQkAIbxhoq7Od5Wrx1G5HbFvn2Ww=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=zuj38VqwW7qE6XWXHhISD7lUL1VVaHCKxVTQ+PcQWlRmQlyYKiF8RvRZtWPOdwuNh 8geJJ8hANrZG/tXfdyfmtjskVgLwTN9yhzc3IIgwBsLnFkLBcD4WrPVJv4KI/Erckh 2HjNZHGtlCQt4Xe+u/wfbPZyrwvN6Ka22e5EwLBo= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Stefan Haberland , Jan Hoeppner , Jens Axboe Subject: [PATCH 4.19 87/91] s390/dasd: fix null pointer dereference for ERP requests Date: Mon, 23 Nov 2020 13:22:47 +0100 Message-Id: <20201123121813.545971397@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201123121809.285416732@linuxfoundation.org> References: <20201123121809.285416732@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Stefan Haberland commit 6f117cb854a44a79898d844e6ae3fd23bd94e786 upstream. When requeueing all requests on the device request queue to the blocklayer we might get to an ERP (error recovery) request that is a copy of an original CQR. Those requests do not have blocklayer request information or a pointer to the dasd_queue set. When trying to access those data it will lead to a null pointer dereference in dasd_requeue_all_requests(). Fix by checking if the request is an ERP request that can simply be ignored. The blocklayer request will be requeued by the original CQR that is on the device queue right behind the ERP request. Fixes: 9487cfd3430d ("s390/dasd: fix handling of internal requests") Cc: #4.16 Signed-off-by: Stefan Haberland Reviewed-by: Jan Hoeppner Signed-off-by: Jens Axboe Signed-off-by: Greg Kroah-Hartman --- drivers/s390/block/dasd.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/drivers/s390/block/dasd.c +++ b/drivers/s390/block/dasd.c @@ -2833,6 +2833,12 @@ static int _dasd_requeue_request(struct if (!block) return -EINVAL; + /* + * If the request is an ERP request there is nothing to requeue. + * This will be done with the remaining original request. + */ + if (cqr->refers) + return 0; spin_lock_irq(&cqr->dq->lock); req = (struct request *) cqr->callback_data; blk_mq_requeue_request(req, false);