Hello Jens, This bug was originally reported against 3.10 and still exists in 3.15-rc5 [1] [2].
These changes were tested on-top of 3.15-rc5 with user-program that opens a CD device, its media is removed, and then the program issues a CDROMEJECT ioctl. Without this change, the kernel can crash in sg_scsi_ioctl on NULL request pointer. The first patch adds return checking to a few blk_get_request callers. The second patch is much larger, modifying the return value to include an ERR_PTR to indicate failure reason. I didn't touch any of the IDE callers save one since all but that one assume success. As such, the first can be merged without the second if the change is considered too dangerous. Feel free to drop any changes to files (like paride/pd.c) if they're considered deprecated. [1] http://thread.gmane.org/gmane.linux.scsi/80934 [2] http://thread.gmane.org/gmane.linux.kernel/1502882 Joe Lawrence (2): block,scsi: verify return pointer from blk_get_request block,scsi: convert and handle ERR_PTR from blk_get_request block/blk-core.c | 34 ++++++++++++++--------------- block/bsg.c | 8 +++---- block/scsi_ioctl.c | 13 ++++++++--- drivers/block/paride/pd.c | 2 ++ drivers/block/pktcdvd.c | 2 ++ drivers/block/sx8.c | 2 +- drivers/cdrom/cdrom.c | 4 ++-- drivers/ide/ide-park.c | 2 +- drivers/scsi/device_handler/scsi_dh_alua.c | 2 +- drivers/scsi/device_handler/scsi_dh_emc.c | 2 +- drivers/scsi/device_handler/scsi_dh_hp_sw.c | 4 ++-- drivers/scsi/device_handler/scsi_dh_rdac.c | 2 +- drivers/scsi/osd/osd_initiator.c | 4 ++-- drivers/scsi/osst.c | 2 +- drivers/scsi/scsi_error.c | 2 ++ drivers/scsi/scsi_lib.c | 2 +- drivers/scsi/scsi_tgt_lib.c | 2 +- drivers/scsi/sg.c | 4 ++-- drivers/scsi/st.c | 2 +- drivers/target/target_core_pscsi.c | 2 +- 20 files changed, 55 insertions(+), 42 deletions(-) -- 1.8.3.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/