[PATCH 3.18 21/93] scsi: sg: dont return bogus Sg_requests

2018-04-06 Thread Greg Kroah-Hartman 
3.18-stable review patch.  If anyone has any objections, please let me know.

--

From: Johannes Thumshirn 

commit 48ae8484e9fc324b4968d33c585e54bc98e44d61 upstream.

If the list search in sg_get_rq_mark() fails to find a valid request, we
return a bogus element. This then can later lead to a GPF in
sg_remove_scat().

So don't return bogus Sg_requests in sg_get_rq_mark() but NULL in case
the list search doesn't find a valid request.

Signed-off-by: Johannes Thumshirn 
Reported-by: Andrey Konovalov 
Cc: Hannes Reinecke 
Cc: Christoph Hellwig 
Cc: Doug Gilbert 
Reviewed-by: Hannes Reinecke 
Acked-by: Doug Gilbert 
Signed-off-by: Martin K. Petersen 
Cc: Tony Battersby 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/scsi/sg.c |5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -2121,11 +2121,12 @@ sg_get_rq_mark(Sg_fd * sfp, int pack_id)
if ((1 == resp->done) && (!resp->sg_io_owned) &&
((-1 == pack_id) || (resp->header.pack_id == pack_id))) {
resp->done = 2; /* guard against other readers */
-   break;
+   write_unlock_irqrestore(>rq_list_lock, iflags);
+   return resp;
}
}
write_unlock_irqrestore(>rq_list_lock, iflags);
-   return resp;
+   return NULL;
 }
 
 /* always adds to end of list */

[PATCH 3.18 21/93] scsi: sg: dont return bogus Sg_requests

2018-04-06 Thread Greg Kroah-Hartman 
3.18-stable review patch.  If anyone has any objections, please let me know.

--

From: Johannes Thumshirn 

commit 48ae8484e9fc324b4968d33c585e54bc98e44d61 upstream.

If the list search in sg_get_rq_mark() fails to find a valid request, we
return a bogus element. This then can later lead to a GPF in
sg_remove_scat().

So don't return bogus Sg_requests in sg_get_rq_mark() but NULL in case
the list search doesn't find a valid request.

Signed-off-by: Johannes Thumshirn 
Reported-by: Andrey Konovalov 
Cc: Hannes Reinecke 
Cc: Christoph Hellwig 
Cc: Doug Gilbert 
Reviewed-by: Hannes Reinecke 
Acked-by: Doug Gilbert 
Signed-off-by: Martin K. Petersen 
Cc: Tony Battersby 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/scsi/sg.c |5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -2121,11 +2121,12 @@ sg_get_rq_mark(Sg_fd * sfp, int pack_id)
if ((1 == resp->done) && (!resp->sg_io_owned) &&
((-1 == pack_id) || (resp->header.pack_id == pack_id))) {
resp->done = 2; /* guard against other readers */
-   break;
+   write_unlock_irqrestore(>rq_list_lock, iflags);
+   return resp;
}
}
write_unlock_irqrestore(>rq_list_lock, iflags);
-   return resp;
+   return NULL;
 }
 
 /* always adds to end of list */