From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-108-mta252.mxroute.com (mail-108-mta252.mxroute.com [136.175.108.252]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A56A1379C45 for ; Thu, 18 Jun 2026 12:01:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=136.175.108.252 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781784063; cv=none; b=tAHWsTmruivsRGTwEMqStOdI8IvJjXAP9vCfW3PjJpHJVnr/hljH4jKmId6zKT0WDq88YlLZWCpNvpnS4Nd7w18OU3gWI2dacR8HhoPrHWH9mAluhxilxsvj0L/9Kx1e7/XifIFxheSbcNjsd0nHRRhjG/Rbzn/IHFiBGxkDjvg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781784063; c=relaxed/simple; bh=z53SshA5Hk8gU684/HogGkXFnHqCakrjqlo6KZPFpkY=; h=From:To:Cc:Subject:In-Reply-To:References:Date:Message-ID: MIME-Version:Content-Type; b=T5KeLOwg+IzN10QmkNgAW4wWrZDc8E2GwVDLjo/qmVvakkTzx45l1+dOWViyl7eO7gv7/3x6K3KsZeOfBo+RZX3+ZgJnb2mLZ6b4Sp5Jz0Sp3ZbL4eFOy8zlL4pNbe1UsCKZjE4BxJK0jvcqmNXwnMamZSXwQ0IxlHh98GgRSGk= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=damenly.org; spf=pass smtp.mailfrom=damenly.org; dkim=pass (2048-bit key) header.d=damenly.org header.i=@damenly.org header.b=hR5SMqgJ; arc=none smtp.client-ip=136.175.108.252 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=damenly.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=damenly.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=damenly.org header.i=@damenly.org header.b="hR5SMqgJ" Received: from filter006.mxroute.com ([136.175.111.3] filter006.mxroute.com) (Authenticated sender: mN4UYu2MZsgR) by mail-108-mta252.mxroute.com (ZoneMTA) with ESMTPSA id 19eda965b2300067f7.008 for (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384); Thu, 18 Jun 2026 11:55:47 +0000 X-Zone-Loop: f5d4d8c0e5e480ac5b86edc490ceaae773d8ea53ab6e DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=damenly.org ; s=x; h=Content-Type:MIME-Version:Message-ID:Date:References:In-Reply-To: Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=bDeDrMBVzzGo05zBIB5kpykRTQgCrH9WVICWTW7tP2U=; b=hR5SMqgJWhtANIAxk72a64UE02 RdY99CePAbHEk6a/FSVrGopomubxGzNGSx3+kjyNUhHN9YhkdAQPQvevaaSx1tTCsGe7sKCcqgR6D FSGmlHfzD48BYqZ8bKrFLqNarOi5sDLCvicWbkY1XtYGXd9gRlrDcg0TAPwictut1WQwxTXbHF9Ft ZLo2btRAaO/Ci1HBf/NBqGrvy2NxGaSe5Zz031mQEC6wbG9qXHG3VJUfWFI9tcleiPxKIsGhGPmSS iY8jQTzXUEGLo8xS4tL2IWE51v+zz2pQZgkYBxe3KJHaDpp3poF0UvfyAxvoodCHtSZ8LAHCGMXBT YwEEN0AQ==; From: Su Yue To: ghuicao@163.com Cc: Mike Snitzer , Alasdair Kergon , Mikulas Patocka , Benjamin Marzinski , dm-devel@lists.linux.dev, linux-kernel@vger.kernel.org, Cao Guanghui Subject: Re: [PATCH 1/2] dm era: fix NULL pointer dereference in metadata_open() In-Reply-To: <20260617060053.71051-2-ghuicao@163.com> (ghuicao@163.com's message of "Wed, 17 Jun 2026 14:00:52 +0800") References: <20260617060053.71051-1-ghuicao@163.com> <20260617060053.71051-2-ghuicao@163.com> User-Agent: mu4e 1.12.7; emacs 30.2 Date: Thu, 18 Jun 2026 19:55:39 +0800 Message-ID: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; format=flowed X-Authenticated-Id: l@damenly.org On Wed 17 Jun 2026 at 14:00, ghuicao@163.com wrote: > From: Cao Guanghui > > metadata_open() returns NULL when kzalloc_obj() fails, but the > caller era_ctr() only checks IS_ERR(md). Since IS_ERR(NULL) > returns false, the NULL pointer is treated as a valid result > and later assigned to era->md, leading to a NULL pointer > dereference when the metadata is accessed. > > Fix this by returning ERR_PTR(-ENOMEM) on allocation failure, > consistent with dm-cache-metadata.c, dm-thin-metadata.c, and > dm-clone-metadata.c which all use ERR_PTR(-ENOMEM) for the > same pattern. > > Fixes: eec40579d848 ("dm: add era target") > Signed-off-by: Cao Guanghui > Reviewed-by: Su Yue > --- > drivers/md/dm-era-target.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/drivers/md/dm-era-target.c > b/drivers/md/dm-era-target.c > index 05285c04ff2c..08ce96e8cf4f 100644 > --- a/drivers/md/dm-era-target.c > +++ b/drivers/md/dm-era-target.c > @@ -810,8 +810,10 @@ static struct era_metadata > *metadata_open(struct block_device *bdev, > int r; > struct era_metadata *md = kzalloc_obj(*md); > > - if (!md) > - return NULL; > + if (!md) { > + DMERR("could not allocate metadata struct"); > + return ERR_PTR(-ENOMEM); > + } > > md->bdev = bdev; > md->block_size = block_size;