Message ID | 1511271770-3444-3-git-send-email-adrian.hunter@intel.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
On Tue, Nov 21, 2017 at 2:42 PM, Adrian Hunter <adrian.hunter@intel.com> wrote: > blk_get_request() can fail, always check the return value. > > Fixes: 0493f6fe5bde ("mmc: block: Move boot partition locking into a driver op") > Fixes: 3ecd8cf23f88 ("mmc: block: move multi-ioctl() to use block layer") > Fixes: 614f0388f580 ("mmc: block: move single ioctl() commands to block requests") > Fixes: 627c3ccfb46a ("mmc: debugfs: Move block debugfs into block module") > Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Linus Walleij <linus.walleij@linaro.org> This should also go into fixes I think. I guess this particular sloppiness was due to modeling the code on drivers/ide/* which doesn't check the return value either. I should go and fix that :/ Yours, Linus Walleij
On 21 November 2017 at 14:42, Adrian Hunter <adrian.hunter@intel.com> wrote: > blk_get_request() can fail, always check the return value. > > Fixes: 0493f6fe5bde ("mmc: block: Move boot partition locking into a driver op") > Fixes: 3ecd8cf23f88 ("mmc: block: move multi-ioctl() to use block layer") > Fixes: 614f0388f580 ("mmc: block: move single ioctl() commands to block requests") > Fixes: 627c3ccfb46a ("mmc: debugfs: Move block debugfs into block module") > Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Thanks, applied for fixes and added a stable tag! Kind regards Uffe > --- > drivers/mmc/core/block.c | 20 +++++++++++++++++++- > 1 file changed, 19 insertions(+), 1 deletion(-) > > diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c > index f60939858586..4a319ddbd956 100644 > --- a/drivers/mmc/core/block.c > +++ b/drivers/mmc/core/block.c > @@ -233,6 +233,10 @@ static ssize_t power_ro_lock_store(struct device *dev, > > /* Dispatch locking to the block layer */ > req = blk_get_request(mq->queue, REQ_OP_DRV_OUT, __GFP_RECLAIM); > + if (IS_ERR(req)) { > + count = PTR_ERR(req); > + goto out_put; > + } > req_to_mmc_queue_req(req)->drv_op = MMC_DRV_OP_BOOT_WP; > blk_execute_rq(mq->queue, NULL, req, 0); > ret = req_to_mmc_queue_req(req)->drv_op_result; > @@ -249,7 +253,7 @@ static ssize_t power_ro_lock_store(struct device *dev, > set_disk_ro(part_md->disk, 1); > } > } > - > +out_put: > mmc_blk_put(md); > return count; > } > @@ -625,6 +629,10 @@ static int mmc_blk_ioctl_cmd(struct mmc_blk_data *md, > req = blk_get_request(mq->queue, > idata->ic.write_flag ? REQ_OP_DRV_OUT : REQ_OP_DRV_IN, > __GFP_RECLAIM); > + if (IS_ERR(req)) { > + err = PTR_ERR(req); > + goto cmd_done; > + } > idatas[0] = idata; > req_to_mmc_queue_req(req)->drv_op = > rpmb ? MMC_DRV_OP_IOCTL_RPMB : MMC_DRV_OP_IOCTL; > @@ -692,6 +700,10 @@ static int mmc_blk_ioctl_multi_cmd(struct mmc_blk_data *md, > req = blk_get_request(mq->queue, > idata[0]->ic.write_flag ? REQ_OP_DRV_OUT : REQ_OP_DRV_IN, > __GFP_RECLAIM); > + if (IS_ERR(req)) { > + err = PTR_ERR(req); > + goto cmd_err; > + } > req_to_mmc_queue_req(req)->drv_op = > rpmb ? MMC_DRV_OP_IOCTL_RPMB : MMC_DRV_OP_IOCTL; > req_to_mmc_queue_req(req)->drv_op_data = idata; > @@ -2551,6 +2563,8 @@ static int mmc_dbg_card_status_get(void *data, u64 *val) > > /* Ask the block layer about the card status */ > req = blk_get_request(mq->queue, REQ_OP_DRV_IN, __GFP_RECLAIM); > + if (IS_ERR(req)) > + return PTR_ERR(req); > req_to_mmc_queue_req(req)->drv_op = MMC_DRV_OP_GET_CARD_STATUS; > blk_execute_rq(mq->queue, NULL, req, 0); > ret = req_to_mmc_queue_req(req)->drv_op_result; > @@ -2585,6 +2599,10 @@ static int mmc_ext_csd_open(struct inode *inode, struct file *filp) > > /* Ask the block layer for the EXT CSD */ > req = blk_get_request(mq->queue, REQ_OP_DRV_IN, __GFP_RECLAIM); > + if (IS_ERR(req)) { > + err = PTR_ERR(req); > + goto out_free; > + } > req_to_mmc_queue_req(req)->drv_op = MMC_DRV_OP_GET_EXT_CSD; > req_to_mmc_queue_req(req)->drv_op_data = &ext_csd; > blk_execute_rq(mq->queue, NULL, req, 0); > -- > 1.9.1 >
diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index f60939858586..4a319ddbd956 100644 --- a/drivers/mmc/core/block.c +++ b/drivers/mmc/core/block.c @@ -233,6 +233,10 @@ static ssize_t power_ro_lock_store(struct device *dev, /* Dispatch locking to the block layer */ req = blk_get_request(mq->queue, REQ_OP_DRV_OUT, __GFP_RECLAIM); + if (IS_ERR(req)) { + count = PTR_ERR(req); + goto out_put; + } req_to_mmc_queue_req(req)->drv_op = MMC_DRV_OP_BOOT_WP; blk_execute_rq(mq->queue, NULL, req, 0); ret = req_to_mmc_queue_req(req)->drv_op_result; @@ -249,7 +253,7 @@ static ssize_t power_ro_lock_store(struct device *dev, set_disk_ro(part_md->disk, 1); } } - +out_put: mmc_blk_put(md); return count; } @@ -625,6 +629,10 @@ static int mmc_blk_ioctl_cmd(struct mmc_blk_data *md, req = blk_get_request(mq->queue, idata->ic.write_flag ? REQ_OP_DRV_OUT : REQ_OP_DRV_IN, __GFP_RECLAIM); + if (IS_ERR(req)) { + err = PTR_ERR(req); + goto cmd_done; + } idatas[0] = idata; req_to_mmc_queue_req(req)->drv_op = rpmb ? MMC_DRV_OP_IOCTL_RPMB : MMC_DRV_OP_IOCTL; @@ -692,6 +700,10 @@ static int mmc_blk_ioctl_multi_cmd(struct mmc_blk_data *md, req = blk_get_request(mq->queue, idata[0]->ic.write_flag ? REQ_OP_DRV_OUT : REQ_OP_DRV_IN, __GFP_RECLAIM); + if (IS_ERR(req)) { + err = PTR_ERR(req); + goto cmd_err; + } req_to_mmc_queue_req(req)->drv_op = rpmb ? MMC_DRV_OP_IOCTL_RPMB : MMC_DRV_OP_IOCTL; req_to_mmc_queue_req(req)->drv_op_data = idata; @@ -2551,6 +2563,8 @@ static int mmc_dbg_card_status_get(void *data, u64 *val) /* Ask the block layer about the card status */ req = blk_get_request(mq->queue, REQ_OP_DRV_IN, __GFP_RECLAIM); + if (IS_ERR(req)) + return PTR_ERR(req); req_to_mmc_queue_req(req)->drv_op = MMC_DRV_OP_GET_CARD_STATUS; blk_execute_rq(mq->queue, NULL, req, 0); ret = req_to_mmc_queue_req(req)->drv_op_result; @@ -2585,6 +2599,10 @@ static int mmc_ext_csd_open(struct inode *inode, struct file *filp) /* Ask the block layer for the EXT CSD */ req = blk_get_request(mq->queue, REQ_OP_DRV_IN, __GFP_RECLAIM); + if (IS_ERR(req)) { + err = PTR_ERR(req); + goto out_free; + } req_to_mmc_queue_req(req)->drv_op = MMC_DRV_OP_GET_EXT_CSD; req_to_mmc_queue_req(req)->drv_op_data = &ext_csd; blk_execute_rq(mq->queue, NULL, req, 0);
blk_get_request() can fail, always check the return value. Fixes: 0493f6fe5bde ("mmc: block: Move boot partition locking into a driver op") Fixes: 3ecd8cf23f88 ("mmc: block: move multi-ioctl() to use block layer") Fixes: 614f0388f580 ("mmc: block: move single ioctl() commands to block requests") Fixes: 627c3ccfb46a ("mmc: debugfs: Move block debugfs into block module") Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> --- drivers/mmc/core/block.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-)