diff options
| -rw-r--r-- | kernel.spec | 9 | ||||
| -rw-r--r-- | scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch | 22 |
2 files changed, 31 insertions, 0 deletions
diff --git a/kernel.spec b/kernel.spec index 534b634a4..2e22f50a4 100644 --- a/kernel.spec +++ b/kernel.spec @@ -754,6 +754,9 @@ Patch21233: jbd2-clear-BH_Delay-and-BH_Unwritten-in-journal_unmap_buf.patch #rhbz 787373 Patch21234: Bluetooth-Remove-bogus-inline-decl-from-l2cap_chan_connect.patch +#rhbz 754518 +Patch21235: scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch + # compat-wireless patches Patch50000: compat-wireless-config-fixups.patch Patch50001: compat-wireless-pr_fmt-warning-avoidance.patch @@ -1456,6 +1459,9 @@ ApplyPatch jbd2-clear-BH_Delay-and-BH_Unwritten-in-journal_unmap_buf.patch #rhbz 787373 ApplyPatch Bluetooth-Remove-bogus-inline-decl-from-l2cap_chan_connect.patch +#rhbz 754518 +ApplyPatch scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch + # END OF PATCH APPLICATIONS %endif @@ -2326,6 +2332,9 @@ fi # ||----w | # || || %changelog +* Fri Feb 10 2012 Josh Boyer <jwboyer@redhat.com> +- Patch to prevent NULL pointer dereference in sd_revalidate_disk (rhbz 754518) + * Fri Feb 10 2012 Josh Boyer <jwboyer@redhat.com> - 3.3.0-0.rc3.git2.1 - Linux 3.3-rc3-git2 (upstream 612b8507c5d545feed2437b3d2239929cac7688d) diff --git a/scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch b/scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch new file mode 100644 index 000000000..492376d78 --- /dev/null +++ b/scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch @@ -0,0 +1,22 @@ +--- a/drivers/scsi/sd.c ++++ a/drivers/scsi/sd.c +@@ -2362,13 +2362,18 @@ static int sd_try_extended_inquiry(struct scsi_device *sdp) + static int sd_revalidate_disk(struct gendisk *disk) + { + struct scsi_disk *sdkp = scsi_disk(disk); +- struct scsi_device *sdp = sdkp->device; ++ struct scsi_device *sdp; + unsigned char *buffer; + unsigned flush = 0; + + SCSI_LOG_HLQUEUE(3, sd_printk(KERN_INFO, sdkp, + "sd_revalidate_disk\n")); + ++ if (!sdkp) ++ goto out; ++ ++ sdp = sdkp->device; ++ + /* + * If the device is offline, don't try and read capacity or any + * of the other niceties. |