From: Su Yue <l@damenly.org>
To: ghuicao@163.com
Cc: Mike Snitzer <snitzer@kernel.org>,
Alasdair Kergon <agk@redhat.com>,
Mikulas Patocka <mpatocka@redhat.com>,
Benjamin Marzinski <bmarzins@redhat.com>,
dm-devel@lists.linux.dev, linux-kernel@vger.kernel.org,
Cao Guanghui <caoguanghui@kylinos.cn>
Subject: Re: [PATCH 1/2] dm era: fix NULL pointer dereference in metadata_open()
Date: Thu, 18 Jun 2026 19:55:39 +0800 [thread overview]
Message-ID: <o6h8t64k.fsf@damenly.org> (raw)
In-Reply-To: <20260617060053.71051-2-ghuicao@163.com> (ghuicao@163.com's message of "Wed, 17 Jun 2026 14:00:52 +0800")
On Wed 17 Jun 2026 at 14:00, ghuicao@163.com wrote:
> From: Cao Guanghui <caoguanghui@kylinos.cn>
>
> metadata_open() returns NULL when kzalloc_obj() fails, but the
> caller era_ctr() only checks IS_ERR(md). Since IS_ERR(NULL)
> returns false, the NULL pointer is treated as a valid result
> and later assigned to era->md, leading to a NULL pointer
> dereference when the metadata is accessed.
>
> Fix this by returning ERR_PTR(-ENOMEM) on allocation failure,
> consistent with dm-cache-metadata.c, dm-thin-metadata.c, and
> dm-clone-metadata.c which all use ERR_PTR(-ENOMEM) for the
> same pattern.
>
> Fixes: eec40579d848 ("dm: add era target")
> Signed-off-by: Cao Guanghui <caoguanghui@kylinos.cn>
>
Reviewed-by: Su Yue <glass.su@suse.com>
> ---
> drivers/md/dm-era-target.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/md/dm-era-target.c
> b/drivers/md/dm-era-target.c
> index 05285c04ff2c..08ce96e8cf4f 100644
> --- a/drivers/md/dm-era-target.c
> +++ b/drivers/md/dm-era-target.c
> @@ -810,8 +810,10 @@ static struct era_metadata
> *metadata_open(struct block_device *bdev,
> int r;
> struct era_metadata *md = kzalloc_obj(*md);
>
> - if (!md)
> - return NULL;
> + if (!md) {
> + DMERR("could not allocate metadata struct");
> + return ERR_PTR(-ENOMEM);
> + }
>
> md->bdev = bdev;
> md->block_size = block_size;
next prev parent reply other threads:[~2026-06-18 12:01 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-17 6:00 [PATCH 0/2] dm era: fix metadata_open NULL deref and error propagation ghuicao
2026-06-17 6:00 ` [PATCH 1/2] dm era: fix NULL pointer dereference in metadata_open() ghuicao
2026-06-18 11:55 ` Su Yue [this message]
2026-06-17 6:00 ` [PATCH 2/2] dm era: fix error code propagation in era_ctr() ghuicao
2026-06-18 11:58 ` Su Yue
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=o6h8t64k.fsf@damenly.org \
--to=l@damenly.org \
--cc=agk@redhat.com \
--cc=bmarzins@redhat.com \
--cc=caoguanghui@kylinos.cn \
--cc=dm-devel@lists.linux.dev \
--cc=ghuicao@163.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mpatocka@redhat.com \
--cc=snitzer@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.