Commit cc1875ec authored by Dāvis Mosāns's avatar Dāvis Mosāns Committed by Ben Hutchings

mvsas: Fix NULL pointer dereference in mvs_slot_task_free

commit 22805217 upstream.

When pci_pool_alloc fails in mvs_task_prep then task->lldd_task stays
NULL but it's later used in mvs_abort_task as slot which is passed
to mvs_slot_task_free causing NULL pointer dereference.

Just return from mvs_slot_task_free when passed with NULL slot.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=101891Signed-off-by: default avatarDāvis Mosāns <davispuh@gmail.com>
Reviewed-by: default avatarTomas Henzl <thenzl@redhat.com>
Reviewed-by: default avatarJohannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: default avatarJames Bottomley <JBottomley@Odin.com>
Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
parent 965d8d1d
...@@ -991,6 +991,8 @@ static void mvs_slot_free(struct mvs_info *mvi, u32 rx_desc) ...@@ -991,6 +991,8 @@ static void mvs_slot_free(struct mvs_info *mvi, u32 rx_desc)
static void mvs_slot_task_free(struct mvs_info *mvi, struct sas_task *task, static void mvs_slot_task_free(struct mvs_info *mvi, struct sas_task *task,
struct mvs_slot_info *slot, u32 slot_idx) struct mvs_slot_info *slot, u32 slot_idx)
{ {
if (!slot)
return;
if (!slot->task) if (!slot->task)
return; return;
if (!sas_protocol_ata(task->task_proto)) if (!sas_protocol_ata(task->task_proto))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment