• Borislav Petkov's avatar
    drivers/ide-cd: Handle missing driver data during status check gracefully · fbc3edf7
    Borislav Petkov authored
    The 0day bot reports the below failure which happens occasionally, with
    their randconfig testing (once every ~100 boots).  The Code points at
    the private pointer ->driver_data being NULL, which hints at a race of
    sorts where the private driver_data descriptor has disappeared by the
    time we get to run the workqueue.
    
    So let's check that pointer before we continue with issuing the command
    to the drive.
    
    This fix is of the brown paper bag nature but considering that IDE is
    long deprecated, let's do that so that random testing which happens to
    enable CONFIG_IDE during randconfig builds, doesn't fail because of
    this.
    
    Besides, failing the TEST_UNIT_READY command because the drive private
    data is gone is something which we could simply do anyway, to denote
    that there was a problem communicating with the device.
    
      BUG: unable to handle kernel NULL pointer dereference at 000001c0
      IP: cdrom_check_status
      *pde = 00000000
      Oops: 0000 [#1] SMP
      CPU: 1 PID: 155 Comm: kworker/1:2 Not tainted 4.14.0-rc8 #127
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
      Workqueue: events_freezable_power_ disk_events_workfn
      task: 4fe90980 task.stack: 507ac000
      EIP: cdrom_check_status+0x2c/0x90
      EFLAGS: 00210246 CPU: 1
      EAX: 00000000 EBX: 4fefec00 ECX: 00000000 EDX: 00000000
      ESI: 00000003 EDI: ffffffff EBP: 467a9340 ESP: 507aded0
       DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
      CR0: 80050033 CR2: 000001c0 CR3: 06e0f000 CR4: 00000690
      Call Trace:
       ? ide_cdrom_check_events_real
       ? cdrom_check_events
       ? disk_check_events
       ? process_one_work
       ? process_one_work
       ? worker_thread
       ? kthread
       ? process_one_work
       ? __kthread_create_on_node
       ? ret_from_fork
      Code: 53 83 ec 14 89 c3 89 d1 be 03 00 00 00 65 a1 14 00 00 00 89 44 24 10 31 c0 8b 43 18 c7 44 24 04 00 00 00 00 c7 04 24 00 00 00 00 <8a> 80 c0 01 00 00 c7 44 24 08 00 00 00 00 83 e0 03 c7 44 24 0c
      EIP: cdrom_check_status+0x2c/0x90 SS:ESP: 0068:507aded0
      CR2: 00000000000001c0
      ---[ end trace 2410e586dd8f88b2 ]---
    Reported-and-tested-by: default avatarFengguang Wu <fengguang.wu@intel.com>
    Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
    Cc: "David S. Miller" <davem@davemloft.net>
    Cc: Jens Axboe <axboe@kernel.dk>
    Cc: Bart Van Assche <bart.vanassche@sandisk.com>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    fbc3edf7
ide-cd.c 46.4 KB