On 11.2.2014, at 23.22, Maurizio Lombardi <[email protected]> wrote:

> When copying the st_modedef structures the devs pointers must be preserved
> in the same way as with the cdevs pointers.
> 
> This fixes bug 70271: https://bugzilla.kernel.org/show_bug.cgi?id=70271
> 
> [  135.037052] BUG: unable to handle kernel NULL pointer dereference at 
> 0000000000000098
> [  135.045048] IP: [<ffffffff812af6a1>] kernfs_find_ns+0x21/0x150
> [  135.050999] PGD 220623067 PUD 222171067 PMD 0
...
> [  135.357859] Code: ff eb e3 0f 1f 80 00 00 00 00 55 48 89 e5 48 83 ec 30 48 
> 89 5d d8 4c 89 65 e0 4c 89 6d e8 4c 89 75 f0 4c 89 7d f8 66 66 66 66 90 <44> 
> 0f b7 bf 98 00 00 00 8b 05 71 6d 87 00 48 89 fb 49 89 f4 49
> [  135.378282] RIP  [<ffffffff812af6a1>] kernfs_find_ns+0x21/0x150
> [  135.384355]  RSP <ffff8802206e5c98>
> [  135.387881] CR2: 0000000000000098
> [  135.391298] ---[ end trace 1968409221ddb3c8 ]---
> 
> Signed-off-by: Maurizio Lombardi <[email protected]>

Acked-by: Kai Mäkisara <[email protected]>

> ---
> drivers/scsi/st.c | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/scsi/st.c b/drivers/scsi/st.c
> index a1d6986..afc834e 100644
> --- a/drivers/scsi/st.c
> +++ b/drivers/scsi/st.c
> @@ -2198,12 +2198,19 @@ static int st_set_options(struct scsi_tape *STp, long 
> options)
>       struct st_modedef *STm;
>       char *name = tape_name(STp);
>       struct cdev *cd0, *cd1;
> +     struct device *d0, *d1;
> 
>       STm = &(STp->modes[STp->current_mode]);
>       if (!STm->defined) {
> -             cd0 = STm->cdevs[0]; cd1 = STm->cdevs[1];
> +             cd0 = STm->cdevs[0];
> +             cd1 = STm->cdevs[1];
> +             d0  = STm->devs[0];
> +             d1  = STm->devs[1];
>               memcpy(STm, &(STp->modes[0]), sizeof(struct st_modedef));
> -             STm->cdevs[0] = cd0; STm->cdevs[1] = cd1;
> +             STm->cdevs[0] = cd0;
> +             STm->cdevs[1] = cd1;
> +             STm->devs[0]  = d0;
> +             STm->devs[1]  = d1;
>               modes_defined = 1;
>                 DEBC(printk(ST_DEB_MSG
>                             "%s: Initialized mode %d definition from mode 
> 0\n",
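
Review bot: in the !STm->defined branch, the save/restore around the memcpy() has to list every per-mode pointer by hand (cdevs[0], cdevs[1] and now devs[0], devs[1]), so any pointer field added to struct st_modedef later will be overwritten with the mode 0 values in the same way. A short comment above the memcpy() saying that cdevs and devs belong to the mode being initialized and must survive the copy would make that requirement visible. Copying only the option fields instead of the whole struct would remove the need for it. Minor style point: the double space used to align "d0  =" and "STm->devs[0]  =" is not usual kernel style.
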
> -- 
> Maurizio Lombardi

Thanks,
Kai
