* [PATCH] dm mpath: potential NULL dereference with parse_path()
@ 2018-01-06 9:26 ` Dan Carpenter
0 siblings, 0 replies; 4+ messages in thread
From: Dan Carpenter @ 2018-01-06 9:26 UTC (permalink / raw)
To: Alasdair Kergon, Mike Snitzer; +Cc: dm-devel, kernel-janitors
We forgot to set the error code on this path so it means we accidentally
return NULL. The caller is expecting error pointers and will crash
with a NULL dereference.
Fixes: faf782b1c93d ("dm mpath: optimize NVMe bio-based support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/md/dm-mpath.c b/drivers/md/dm-mpath.c
index d1f32103ae86..0436a5466281 100644
--- a/drivers/md/dm-mpath.c
+++ b/drivers/md/dm-mpath.c
@@ -883,6 +883,7 @@ static struct pgpath *parse_path(struct dm_arg_set *as, struct path_selector *ps
INIT_DELAYED_WORK(&p->activate_path, activate_path_work);
if (setup_scsi_dh(p->path.dev->bdev, m, &ti->error)) {
dm_put_device(ti, p->path.dev);
+ r = -EINVAL;
goto bad;
}
}
^ permalink raw reply related [flat|nested] 4+ messages in thread* [PATCH] dm mpath: potential NULL dereference with parse_path()
@ 2018-01-06 9:26 ` Dan Carpenter
0 siblings, 0 replies; 4+ messages in thread
From: Dan Carpenter @ 2018-01-06 9:26 UTC (permalink / raw)
To: Alasdair Kergon, Mike Snitzer; +Cc: dm-devel, kernel-janitors
We forgot to set the error code on this path so it means we accidentally
return NULL. The caller is expecting error pointers and will crash
with a NULL dereference.
Fixes: faf782b1c93d ("dm mpath: optimize NVMe bio-based support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/md/dm-mpath.c b/drivers/md/dm-mpath.c
index d1f32103ae86..0436a5466281 100644
--- a/drivers/md/dm-mpath.c
+++ b/drivers/md/dm-mpath.c
@@ -883,6 +883,7 @@ static struct pgpath *parse_path(struct dm_arg_set *as, struct path_selector *ps
INIT_DELAYED_WORK(&p->activate_path, activate_path_work);
if (setup_scsi_dh(p->path.dev->bdev, m, &ti->error)) {
dm_put_device(ti, p->path.dev);
+ r = -EINVAL;
goto bad;
}
}
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: dm mpath: potential NULL dereference with parse_path()
2018-01-06 9:26 ` Dan Carpenter
@ 2018-01-06 16:20 ` Mike Snitzer
-1 siblings, 0 replies; 4+ messages in thread
From: Mike Snitzer @ 2018-01-06 16:20 UTC (permalink / raw)
To: Dan Carpenter; +Cc: Alasdair Kergon, dm-devel, kernel-janitors
On Sat, Jan 06 2018 at 4:26P -0500,
Dan Carpenter <dan.carpenter@oracle.com> wrote:
> We forgot to set the error code on this path so it means we accidentally
> return NULL. The caller is expecting error pointers and will crash
> with a NULL dereference.
>
> Fixes: faf782b1c93d ("dm mpath: optimize NVMe bio-based support")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/drivers/md/dm-mpath.c b/drivers/md/dm-mpath.c
> index d1f32103ae86..0436a5466281 100644
> --- a/drivers/md/dm-mpath.c
> +++ b/drivers/md/dm-mpath.c
> @@ -883,6 +883,7 @@ static struct pgpath *parse_path(struct dm_arg_set *as, struct path_selector *ps
> INIT_DELAYED_WORK(&p->activate_path, activate_path_work);
> if (setup_scsi_dh(p->path.dev->bdev, m, &ti->error)) {
> dm_put_device(ti, p->path.dev);
> + r = -EINVAL;
> goto bad;
> }
> }
Thanks for the report, but I prefer the following fix, which I'll fold
into the original commit:
diff --git a/drivers/md/dm-mpath.c b/drivers/md/dm-mpath.c
index 99420b0ac2db..be581765edd1 100644
--- a/drivers/md/dm-mpath.c
+++ b/drivers/md/dm-mpath.c
@@ -882,7 +882,8 @@ static struct pgpath *parse_path(struct dm_arg_set *as, struct path_selector *ps
if (m->queue_mode != DM_TYPE_NVME_BIO_BASED) {
INIT_DELAYED_WORK(&p->activate_path, activate_path_work);
- if (setup_scsi_dh(p->path.dev->bdev, m, &ti->error)) {
+ r = setup_scsi_dh(p->path.dev->bdev, m, &ti->error);
+ if (r) {
dm_put_device(ti, p->path.dev);
goto bad;
}
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: dm mpath: potential NULL dereference with parse_path()
@ 2018-01-06 16:20 ` Mike Snitzer
0 siblings, 0 replies; 4+ messages in thread
From: Mike Snitzer @ 2018-01-06 16:20 UTC (permalink / raw)
To: Dan Carpenter; +Cc: Alasdair Kergon, dm-devel, kernel-janitors
On Sat, Jan 06 2018 at 4:26P -0500,
Dan Carpenter <dan.carpenter@oracle.com> wrote:
> We forgot to set the error code on this path so it means we accidentally
> return NULL. The caller is expecting error pointers and will crash
> with a NULL dereference.
>
> Fixes: faf782b1c93d ("dm mpath: optimize NVMe bio-based support")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/drivers/md/dm-mpath.c b/drivers/md/dm-mpath.c
> index d1f32103ae86..0436a5466281 100644
> --- a/drivers/md/dm-mpath.c
> +++ b/drivers/md/dm-mpath.c
> @@ -883,6 +883,7 @@ static struct pgpath *parse_path(struct dm_arg_set *as, struct path_selector *ps
> INIT_DELAYED_WORK(&p->activate_path, activate_path_work);
> if (setup_scsi_dh(p->path.dev->bdev, m, &ti->error)) {
> dm_put_device(ti, p->path.dev);
> + r = -EINVAL;
> goto bad;
> }
> }
Thanks for the report, but I prefer the following fix, which I'll fold
into the original commit:
diff --git a/drivers/md/dm-mpath.c b/drivers/md/dm-mpath.c
index 99420b0ac2db..be581765edd1 100644
--- a/drivers/md/dm-mpath.c
+++ b/drivers/md/dm-mpath.c
@@ -882,7 +882,8 @@ static struct pgpath *parse_path(struct dm_arg_set *as, struct path_selector *ps
if (m->queue_mode != DM_TYPE_NVME_BIO_BASED) {
INIT_DELAYED_WORK(&p->activate_path, activate_path_work);
- if (setup_scsi_dh(p->path.dev->bdev, m, &ti->error)) {
+ r = setup_scsi_dh(p->path.dev->bdev, m, &ti->error);
+ if (r) {
dm_put_device(ti, p->path.dev);
goto bad;
}
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-01-06 16:20 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-01-06 9:26 [PATCH] dm mpath: potential NULL dereference with parse_path() Dan Carpenter
2018-01-06 9:26 ` Dan Carpenter
2018-01-06 16:20 ` Mike Snitzer
2018-01-06 16:20 ` Mike Snitzer
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.