block,scsi: verify return pointer from blk_get_request

The blk-core dead queue checks introduce an error scenario to blk_get_request that returns NULL if the request queue has been shutdown. This affects the behavior for __GFP_WAIT callers, who should verify the return value before dereferencing. Signed-off-by: Joe Lawrence <joe.lawrence@stratus.com> Acked-by: Jiri Kosina <jkosina@suse.cz> [for pktdvd] Reviewed-by: Jeff Moyer <jmoyer@redhat.com> Signed-off-by: Jens Axboe <axboe@fb.com>
author: Joe Lawrence <joe.lawrence@stratus.com> 2014-07-02 15:35:16 -0400
committer: Jens Axboe <axboe@fb.com> 2014-08-26 17:20:23 -0400
commit: eb571eeade2598635f813b3284d02c13a380301e (patch)
tree: 539842ad23a4eaae8c272278fd9fea389afa6b93
parent: 52addcf9d6669fa439387610bc65c92fa0980cef (diff)
4 files changed, 14 insertions, 1 deletions
diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
index 51bf5155ee75..29d056782833 100644
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -448,6 +448,10 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
        }
        rq = blk_get_request(q, in_len ? WRITE : READ, __GFP_WAIT);
+        if (!rq) {
+                err = -ENODEV;
+                goto error_free_buffer;
+        }
        cmdlen = COMMAND_SIZE(opcode);
@@ -520,8 +524,9 @@ out:
        }
        
 error:
-        kfree(buffer);
        blk_put_request(rq);
+error_free_buffer:
+        kfree(buffer);
        return err;
 }
 EXPORT_SYMBOL_GPL(sg_scsi_ioctl);
@@ -534,6 +539,8 @@ static int __blk_send_generic(struct request_queue *q, struct gendisk *bd_disk,
        int err;
        rq = blk_get_request(q, WRITE, __GFP_WAIT);
+        if (!rq)
+                return -ENODEV;
        blk_rq_set_block_pc(rq);
        rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
        rq->cmd[0] = cmd;
diff --git a/drivers/block/paride/pd.c b/drivers/block/paride/pd.c
index fea7e76a00de..ca831f741d89 100644
--- a/drivers/block/paride/pd.c
+++ b/drivers/block/paride/pd.c
@@ -722,6 +722,8 @@ static int pd_special_command(struct pd_unit *disk,
        int err = 0;
        rq = blk_get_request(disk->gd->queue, READ, __GFP_WAIT);
+        if (!rq)
+                return -ENODEV;
        rq->cmd_type = REQ_TYPE_SPECIAL;
        rq->special = func;
diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c
index 758ac442c5b5..7fa8c80e8982 100644
--- a/drivers/block/pktcdvd.c
+++ b/drivers/block/pktcdvd.c
@@ -704,6 +704,8 @@ static int pkt_generic_packet(struct pktcdvd_device *pd, struct packet_command *
        rq = blk_get_request(q, (cgc->data_direction == CGC_DATA_WRITE) ?
                             WRITE : READ, __GFP_WAIT);
+        if (!rq)
+                return -ENODEV;
        blk_rq_set_block_pc(rq);
        if (cgc->buflen) {
diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c
index 5db8454474ee..4c433bf47a06 100644
--- a/drivers/scsi/scsi_error.c
+++ b/drivers/scsi/scsi_error.c
@@ -1960,6 +1960,8 @@ static void scsi_eh_lock_door(struct scsi_device *sdev)
         * request becomes available
         */
        req = blk_get_request(sdev->request_queue, READ, GFP_KERNEL);
+        if (!req)
+                return;
        blk_rq_set_block_pc(req);
author	Joe Lawrence <joe.lawrence@stratus.com>	2014-07-02 15:35:16 -0400
committer	Jens Axboe <axboe@fb.com>	2014-08-26 17:20:23 -0400
commit	eb571eeade2598635f813b3284d02c13a380301e (patch)
tree	539842ad23a4eaae8c272278fd9fea389afa6b93
parent	52addcf9d6669fa439387610bc65c92fa0980cef (diff)