[kernel/f17] Patch to prevent NULL pointer dereference in sd_revalidate_disk (rhbz 754518)

Josh Boyer jwboyer at fedoraproject.org
Fri Feb 10 20:02:51 UTC 2012 

commit beef0e952df550ecfc73299f105c65b9b7b04529
Author: Josh Boyer <jwboyer at redhat.com>
Date:   Fri Feb 10 14:56:13 2012 -0500

    Patch to prevent NULL pointer dereference in sd_revalidate_disk (rhbz 754518)

 kernel.spec                                        |    9 ++++++++
 ...sd_revalidate_disk-prevent-NULL-ptr-deref.patch |   22 ++++++++++++++++++++
 2 files changed, 31 insertions(+), 0 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index 1e68e54..4804aaf 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -754,6 +754,9 @@ Patch21233: jbd2-clear-BH_Delay-and-BH_Unwritten-in-journal_unmap_buf.patch
 #rhbz 787373
 Patch21234: Bluetooth-Remove-bogus-inline-decl-from-l2cap_chan_connect.patch
 
+#rhbz 754518
+Patch21235: scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
+
 # compat-wireless patches
 Patch50000: compat-wireless-config-fixups.patch
 Patch50001: compat-wireless-pr_fmt-warning-avoidance.patch
@@ -1456,6 +1459,9 @@ ApplyPatch jbd2-clear-BH_Delay-and-BH_Unwritten-in-journal_unmap_buf.patch
 #rhbz 787373
 ApplyPatch Bluetooth-Remove-bogus-inline-decl-from-l2cap_chan_connect.patch
 
+#rhbz 754518
+ApplyPatch scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2336,6 +2342,9 @@ fi
 #    '-'      |  |
 #              '-'
 %changelog
+* Fri Feb 10 2012 Josh Boyer <jwboyer at redhat.com>
+- Patch to prevent NULL pointer dereference in sd_revalidate_disk (rhbz 754518)
+
 * Fri Feb 10 2012 Josh Boyer <jwboyer at redhat.com> - 3.3.0-0.rc3.git2.1
 - Linux 3.3-rc3-git2 (upstream 612b8507c5d545feed2437b3d2239929cac7688d)
 
diff --git a/scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch b/scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
new file mode 100644
index 0000000..492376d
--- /dev/null
+++ b/scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
@@ -0,0 +1,22 @@
+--- a/drivers/scsi/sd.c	
++++ a/drivers/scsi/sd.c	
+@@ -2362,13 +2362,18 @@ static int sd_try_extended_inquiry(struct scsi_device *sdp)
+ static int sd_revalidate_disk(struct gendisk *disk)
+ {
+ 	struct scsi_disk *sdkp = scsi_disk(disk);
+-	struct scsi_device *sdp = sdkp->device;
++	struct scsi_device *sdp;
+ 	unsigned char *buffer;
+ 	unsigned flush = 0;
+ 
+ 	SCSI_LOG_HLQUEUE(3, sd_printk(KERN_INFO, sdkp,
+ 				      "sd_revalidate_disk\n"));
+ 
++	if (!sdkp)
++		goto out;
++
++	sdp = sdkp->device;
++
+ 	/*
+ 	 * If the device is offline, don't try and read capacity or any
+ 	 * of the other niceties.

More information about the scm-commits mailing list