linux/drivers
Rainer Weikusat 39c58f37a1 ide-cd: prevent null pointer deref via cdrom_newpc_intr
With 2.6.30, the error handling code in cdrom_newpc_intr was changed
to deal with partial request failures by normally completing the 'good'
parts of a request and only 'error' the last (and presumably,
incompletely transferred) bio associated with a particular
request. In order to do this, ide_complete_rq is called over
ide_cd_error_cmd() to partially complete the rq. The block layer
does partial completion only for requests with bio's and if the
rq doesn't have one (eg 'GPCMD_READ_DISC_INFO') the request is
completed as a whole and the drive->hwif->rq pointer set to NULL
afterwards. When calling ide_complete_rq again to report
the error, this null pointer is derefenced, resulting in a kernel
crash.

This fixes http://bugzilla.kernel.org/show_bug.cgi?id=13399.

Signed-off-by: Rainer Weikusat <rweikusat@mssgmbh.com>
Signed-off-by: Borislav Petkov <petkovbb@gmail.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2009-06-20 12:22:47 +02:00
..
accessibility
acpi Merge branch 'irq-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2009-06-10 15:25:41 -07:00
amba
ata Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev 2009-06-11 11:23:17 -07:00
atm
auxdisplay
base Driver Core: Rework platform suspend/resume, print warning 2009-06-12 21:32:32 +02:00
block Merge branch 'for-linus' of git://git.monstr.eu/linux-2.6-microblaze 2009-06-12 13:15:17 -07:00
bluetooth tty: fix bluetooth scribbling on low latency flags 2009-06-11 08:51:05 -07:00
cdrom block: Use accessor functions for queue limits 2009-05-22 23:22:54 +02:00
char Merge branch 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2009-06-12 18:09:18 -07:00
clocksource
connector
cpufreq cpumask: alloc zeroed cpumask for static cpumask_var_ts 2009-06-09 22:30:27 +09:30
cpuidle
crypto
dca
dio
dma Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 2009-05-30 07:57:44 -07:00
edac EDAC: do not enable modules by default 2009-06-10 12:19:41 +02:00
eisa
firewire
firmware [libata] ahci: Restore SB600 SATA controller 64 bit DMA 2009-06-10 11:05:00 -04:00
gpio microblaze: Kconfig: Enable drivers for Microblaze 2009-05-21 15:56:04 +02:00
gpu Merge branch 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2009-06-12 18:09:18 -07:00
hid
hwmon hwmon: (lm78) Add missing __devexit_p() 2009-06-01 13:46:49 +02:00
i2c Merge branch 'sh/clkfwk' 2009-05-26 23:50:40 +09:00
ide ide-cd: prevent null pointer deref via cdrom_newpc_intr 2009-06-20 12:22:47 +02:00
idle i7300_idle: allow testing on i5000-series hardware w/o re-compile 2009-05-28 20:52:40 -04:00
ieee1394 fs: Remove i_cindex from struct inode 2009-06-11 21:36:09 -04:00
infiniband [SCSI] libiscsi: add task aborted state 2009-05-23 15:44:13 -05:00
input Merge branch 'for-linus' of git://git.monstr.eu/linux-2.6-microblaze 2009-06-12 13:15:17 -07:00
isdn gigaset: beyond ARRAY_SIZE of iwb->data 2009-05-21 15:04:15 -07:00
leds
lguest Merge git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-lguest 2009-06-12 09:32:26 -07:00
macintosh
mca
md Merge branch 'for-2.6.31' of git://git.kernel.dk/linux-2.6-block 2009-06-11 11:10:35 -07:00
media ivtv: Fix PCI DMA direction 2009-06-05 08:05:23 -07:00
memstick block: Do away with the notion of hardsect_size 2009-05-22 23:22:54 +02:00
message [SCSI] Merge branch 'linus' 2009-06-12 10:02:03 -05:00
mfd mfd: pcf50633: fix unsafe disable_irq() 2009-05-19 22:22:28 +02:00
misc
mmc Merge branch 'for-2.6.31' of git://git.kernel.dk/linux-2.6-block 2009-06-11 11:10:35 -07:00
mtd Merge branch 'for-2.6.31' of git://git.kernel.dk/linux-2.6-block 2009-06-11 11:10:35 -07:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2009-06-12 09:50:42 -07:00
nubus
of microblaze: Kconfig: Enable drivers for Microblaze 2009-05-21 15:56:04 +02:00
oprofile
parisc
parport parport_pc: clean up the modified while loops using for 2009-06-11 08:51:03 -07:00
pci Merge branch 'irq-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2009-06-10 15:25:41 -07:00
pcmcia
platform
pnp Merge branch 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2009-06-12 18:09:18 -07:00
power
ps3
rapidio
regulator regulator: da903x: add missing __devexit_p() 2009-05-18 11:21:10 +01:00
rtc Merge branches 'sh/stable-updates' and 'sh/sparseirq' 2009-05-22 13:29:37 +09:00
s390 Merge branch 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6 2009-06-12 18:18:05 -07:00
sbus
scsi [SCSI] Merge branch 'linus' 2009-06-12 10:02:03 -05:00
serial Merge git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6 2009-06-11 10:08:33 -07:00
sh sh: Tie sparseirq in to Kconfig. 2009-06-11 10:33:09 +03:00
sn
spi microblaze: Kconfig: Enable drivers for Microblaze 2009-05-21 15:56:04 +02:00
ssb SSB: BCM47xx: Export ssb_watchdog_timer_set 2009-06-08 16:57:50 +01:00
staging
tc
telephony
thermal
uio
usb Merge branch 'for-linus' of git://git.monstr.eu/linux-2.6-microblaze 2009-06-12 13:15:17 -07:00
uwb
video Merge branch 'for-linus' of git://git.monstr.eu/linux-2.6-microblaze 2009-06-12 13:15:17 -07:00
virtio virtio: enhance id_matching for virtio drivers 2009-06-12 22:16:40 +09:30
w1
watchdog
xen PM core: rename suspend and resume functions 2009-06-12 21:32:31 +02:00
zorro
Kconfig
Makefile