Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1325649pxu; Mon, 23 Nov 2020 18:37:42 -0800 (PST) X-Google-Smtp-Source: ABdhPJx0pU0UpU5eejVsjQXu7MPtDxorjtmRkJnfJdH/T1JzVdaifBNH/H6+9WJmqhkvgnJ0zsPc X-Received: by 2002:a17:907:2089:: with SMTP id pv9mr2430654ejb.34.1606185462762; Mon, 23 Nov 2020 18:37:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1606185462; cv=none; d=google.com; s=arc-20160816; b=kE2ppZT1y+h970CZwQ7O78mj17HLFJecr0647MHxmq1UoNjMtLpBAZD3WjyerNihQP AGo4Q5hIc33N9zs0hXvaLhO6bDFKrSBUQV4UvmO1iB5NySEY6RcJStP1Mg+0RAJAiZe9 6/whQ7rIrauAt2NUhhON0kdCezVE3RVaHackSRNdPYOtAbeUWy2Al7gIITvjVgp0wcAK o8sJ/sj5wVaUiZjXGKLHpYXhQhHgPpyGi6K4KOdSUG7sCeaGw4VNJRnBvSq0uQ+lHpD/ 7G1/fBA309l436W6fpHM39Idhh0yG8hF90bUIzB8rvUaQ4YTZTlmll4UGRuwiSf0MZLp qctw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=N6R/ZZs1sVYTOJiO1O+wU3FrrwQ2CzGbb5RwPwjOUUg=; b=e0R5MaGfJCqo0qK/eMBzOFLFPcdywUgJ987GauK8tyUv+5KdIAmZjwPUSfurQF+Hfz bjWboRVoVM7DLaQZpKSoIRaRjyK3VcViXnSRRBQ5xwo5br/nQOuRVfYittlIYubfN7p3 XjKfXKGTgpNkPpXvLns6CPJXS9Nqj2FSR6iLLKPkdzlEUeZPqAyUUgBDQgr4fjdVtMce 3p4vbKIoUQ5g3F75Ozt+fabrUSF3VYlCBVHfb3WcVYE866DVshisUAxOaAgVIGbUgS5I Gjjv+aZ43+LfVBBWwKlrA72sR0BGQHBvK5UggkCkAKpGTfKHSueSclmM48nu9ywmYDf/ 4Q7A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=eGiDWMOI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h22si3176623ejd.742.2020.11.23.18.37.16; Mon, 23 Nov 2020 18:37:42 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=eGiDWMOI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732448AbgKWMkT (ORCPT + 99 others); Mon, 23 Nov 2020 07:40:19 -0500 Received: from mail.kernel.org ([198.145.29.99]:52966 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732443AbgKWMkR (ORCPT ); Mon, 23 Nov 2020 07:40:17 -0500 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B71272065E; Mon, 23 Nov 2020 12:40:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1606135217; bh=jUczGZaOyp/m3vsYvk078BiNvDE7dEuLLgs0SyTViYU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=eGiDWMOI8XTUZxOh30HoJHsxk706c5lOyStRs89SnE5X1HRvLPNoogPMWyCuuaYLK QX+wSu1IlusgIbof/OTqL2938wYvGsYRXn0Or6rwHKyTrbC2if05iPjCvc99KhdTlE 5vIVociuw9X2gBiyYKK+tvLPBr6XRluvSnqgeVw0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Stefan Haberland , Jan Hoeppner , Jens Axboe Subject: [PATCH 5.4 147/158] s390/dasd: fix null pointer dereference for ERP requests Date: Mon, 23 Nov 2020 13:22:55 +0100 Message-Id: <20201123121827.019690026@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201123121819.943135899@linuxfoundation.org> References: <20201123121819.943135899@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Stefan Haberland commit 6f117cb854a44a79898d844e6ae3fd23bd94e786 upstream. When requeueing all requests on the device request queue to the blocklayer we might get to an ERP (error recovery) request that is a copy of an original CQR. Those requests do not have blocklayer request information or a pointer to the dasd_queue set. When trying to access those data it will lead to a null pointer dereference in dasd_requeue_all_requests(). Fix by checking if the request is an ERP request that can simply be ignored. The blocklayer request will be requeued by the original CQR that is on the device queue right behind the ERP request. Fixes: 9487cfd3430d ("s390/dasd: fix handling of internal requests") Cc: #4.16 Signed-off-by: Stefan Haberland Reviewed-by: Jan Hoeppner Signed-off-by: Jens Axboe Signed-off-by: Greg Kroah-Hartman --- drivers/s390/block/dasd.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/drivers/s390/block/dasd.c +++ b/drivers/s390/block/dasd.c @@ -2980,6 +2980,12 @@ static int _dasd_requeue_request(struct if (!block) return -EINVAL; + /* + * If the request is an ERP request there is nothing to requeue. + * This will be done with the remaining original request. + */ + if (cqr->refers) + return 0; spin_lock_irq(&cqr->dq->lock); req = (struct request *) cqr->callback_data; blk_mq_requeue_request(req, false);