git.samba.org / sfrench / cifs-2.6.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2b88551)
blk-mq: add bounds check on tag-to-rq conversion
authorHannes Reinecke <hare@suse.de>
Tue, 15 Mar 2016 19:03:28 +0000 (12:03 -0700)
committerJens Axboe <axboe@fb.com>
Tue, 15 Mar 2016 19:03:28 +0000 (12:03 -0700)
We need to check for a valid index before accessing the array
element to avoid accessing invalid memory regions.

Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
Modified by Jens to drop the unlikely(), and make the fall through
path be having a valid tag.

Signed-off-by: Jens Axboe <axboe@fb.com>
block/blk-mq.c patch | blob | history

diff --git a/block/blk-mq.c b/block/blk-mq.c
index 5667f59c277c5052dca7a4e4e4d643d8c06cfa5f..261b6feddae6a30b5ebb6e085ba9fd32bb0e6477 100644 (file)
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -544,7 +544,10 @@ EXPORT_SYMBOL(blk_mq_abort_requeue_list);
 
 struct request *blk_mq_tag_to_rq(struct blk_mq_tags *tags, unsigned int tag)
 {
-       return tags->rqs[tag];
+       if (tag < tags->nr_tags)
+               return tags->rqs[tag];
+
+       return NULL;
 }
 EXPORT_SYMBOL(blk_mq_tag_to_rq);
 
Unnamed repository; edit this file 'description' to name the repository.