linux-block.vger.kernel.org archive mirror
* [PATCH 1/2] null_blk: prevent NULL dereference in null_init_tag_set()
@ 2022-07-15  8:10 Dan Carpenter
  2022-07-15  8:12 ` [PATCH 2/2] null_blk: fix ida error handling in null_add_dev() Dan Carpenter
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Dan Carpenter @ 2022-07-15  8:10 UTC (permalink / raw)
  To: Jens Axboe, Vincent Fu
  Cc: Chaitanya Kulkarni, Damien Le Moal, Johannes Thumshirn, Ming Lei,
	Shin'ichiro Kawasaki, linux-block, kernel-janitors

The "nullb" pointer can be NULL.  Smatch prints a warning about this:

    drivers/block/null_blk/main.c:1914 null_init_tag_set()
    error: we previously assumed 'nullb' could be null (see line 1911)

Fixes: 37ae152c7a0d ("null_blk: add configfs variables for 2 options")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 drivers/block/null_blk/main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/block/null_blk/main.c b/drivers/block/null_blk/main.c
index 67c17e5d2c99..016ec3a2f98f 100644
--- a/drivers/block/null_blk/main.c
+++ b/drivers/block/null_blk/main.c
@@ -1911,9 +1911,9 @@ static int null_init_tag_set(struct nullb *nullb, struct blk_mq_tag_set *set)
 	set->numa_node = nullb ? nullb->dev->home_node : g_home_node;
 	set->cmd_size	= sizeof(struct nullb_cmd);
 	set->flags = BLK_MQ_F_SHOULD_MERGE;
-	if (nullb->dev->no_sched)
+	if (nullb && nullb->dev->no_sched)
 		set->flags |= BLK_MQ_F_NO_SCHED;
-	if (nullb->dev->shared_tag_bitmap)
+	if (nullb && nullb->dev->shared_tag_bitmap)
 		set->flags |= BLK_MQ_F_TAG_HCTX_SHARED;
 	set->driver_data = nullb;
 	if (poll_queues)
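Review bot: `nullb` is now tested for NULL three times in consecutive statements here (the `numa_node` ternary plus the two new `nullb &&` conditions), so the next per-device flag added to this function can easily miss the check again. Consider grouping the per-device settings under a single `if (nullb) { ... }` block with the `g_home_node` default assigned outside it, so the NULL case is one visible branch. The commit message would also be more useful if it said which caller passes a NULL `nullb`, since the Smatch warning alone does not show that the path is reachable.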
-- 
2.35.1



* [PATCH 2/2] null_blk: fix ida error handling in null_add_dev()
  2022-07-15  8:10 [PATCH 1/2] null_blk: prevent NULL dereference in null_init_tag_set() Dan Carpenter
@ 2022-07-15  8:12 ` Dan Carpenter
  2022-07-15  8:23   ` Johannes Thumshirn
  2022-07-15  9:26 ` [PATCH 1/2] null_blk: prevent NULL dereference in null_init_tag_set() Ming Lei
  2022-07-15 15:05 ` (subset) " Jens Axboe
  2 siblings, 1 reply; 6+ messages in thread
From: Dan Carpenter @ 2022-07-15  8:12 UTC (permalink / raw)
  To: Jens Axboe, Shaohua Li
  Cc: Chaitanya Kulkarni, Damien Le Moal, Johannes Thumshirn, Ming Lei,
	Vincent Fu, Shin'ichiro Kawasaki, linux-block,
	kernel-janitors

There needs to be some error checking if ida_simple_get() fails.
Also call ida_free() if there are errors later.

Fixes: 94bc02e30fb8 ("nullb: use ida to manage index")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 drivers/block/null_blk/main.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/drivers/block/null_blk/main.c b/drivers/block/null_blk/main.c
index 016ec3a2f98f..3d334d46d5f6 100644
--- a/drivers/block/null_blk/main.c
+++ b/drivers/block/null_blk/main.c
@@ -2074,8 +2074,13 @@ static int null_add_dev(struct nullb_device *dev)
 	blk_queue_flag_clear(QUEUE_FLAG_ADD_RANDOM, nullb->q);
 
 	mutex_lock(&lock);
-	nullb->index = ida_simple_get(&nullb_indexes, 0, 0, GFP_KERNEL);
-	dev->index = nullb->index;
+	rv = ida_simple_get(&nullb_indexes, 0, 0, GFP_KERNEL);
+	if (rv < 0) {
+		mutex_unlock(&lock);
+		goto out_cleanup_zone;
+	}
+	nullb->index = rv;
+	dev->index = rv;
 	mutex_unlock(&lock);
 
 	blk_queue_logical_block_size(nullb->q, dev->blocksize);
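Review bot: the new error branch has to repeat `mutex_unlock(&lock)` before `goto out_cleanup_zone`, which leaves two unlock sites for one lock and makes it easy for a later edit to add an exit that skips one. If `lock` is only held for the allocation itself, unlocking immediately after `ida_simple_get()` and testing `rv` afterwards keeps a single unlock; if it also protects the `nullb->index` and `dev->index` stores, a short comment saying so would justify the current shape. Separately, the `0, 0` range arguments are carried over unchanged and read as an empty range to anyone who does not know the convention, so a comment or a follow-up conversion would help readers of this line.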
@@ -2101,7 +2106,7 @@ static int null_add_dev(struct nullb_device *dev)
 
 	rv = null_gendisk_register(nullb);
 	if (rv)
-		goto out_cleanup_zone;
+		goto out_ida_free;
 
 	mutex_lock(&lock);
 	list_add_tail(&nullb->list, &nullb_list);
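Review bot: only the `null_gendisk_register()` failure is retargeted to `out_ida_free`, but the index is allocated at the end of the previous hunk and the lines between the two hunks are not shown. Please confirm there is no other `goto out_cleanup_zone` between the allocation and this call; any such exit would still leak the ID after this patch and needs the same retargeting.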
@@ -2110,6 +2115,9 @@ static int null_add_dev(struct nullb_device *dev)
 	pr_info("disk %s created\n", nullb->disk_name);
 
 	return 0;
+
+out_ida_free:
+	ida_free(&nullb_indexes, nullb->index);
 out_cleanup_zone:
 	null_free_zoned_dev(dev);
 out_cleanup_disk:
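Review bot: `ida_free(&nullb_indexes, nullb->index)` under `out_ida_free` runs without `lock`, while the matching allocation in the first hunk is done between `mutex_lock(&lock)` and `mutex_unlock(&lock)`. Either take the mutex here as well or state in the commit message why the free does not need it, so the asymmetry is clearly intentional. The allocation also uses the `ida_simple_get()` name while the release uses `ida_free()`; using one API family for both would make the pairing easier to audit.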
-- 
2.35.1



* Re: [PATCH 2/2] null_blk: fix ida error handling in null_add_dev()
  2022-07-15  8:12 ` [PATCH 2/2] null_blk: fix ida error handling in null_add_dev() Dan Carpenter
@ 2022-07-15  8:23   ` Johannes Thumshirn
  2022-07-15  9:14     ` Dan Carpenter
  0 siblings, 1 reply; 6+ messages in thread
From: Johannes Thumshirn @ 2022-07-15  8:23 UTC (permalink / raw)
  To: Dan Carpenter, Jens Axboe, Shaohua Li
  Cc: Chaitanya Kulkarni, Damien Le Moal, Ming Lei, Vincent Fu,
	Shinichiro Kawasaki, linux-block@vger.kernel.org,
	kernel-janitors@vger.kernel.org

On 15.07.22 10:12, Dan Carpenter wrote:
> -	nullb->index = ida_simple_get(&nullb_indexes, 0, 0, GFP_KERNEL);
> -	dev->index = nullb->index;
> +	rv = ida_simple_get(&nullb_indexes, 0, 0, GFP_KERNEL);
> +	if (rv < 0) {
> +		mutex_unlock(&lock);
> +		goto out_cleanup_zone;
> +	}
> +	nullb->index = rv;
> +	dev->index = rv;

Isn't ida_simple_get() deprecated? And actually the 'max' argument is 0 here,
so ida_alloc_range() tries to allocate a number between 0 and 0?


* Re: [PATCH 2/2] null_blk: fix ida error handling in null_add_dev()
  2022-07-15  8:23   ` Johannes Thumshirn
@ 2022-07-15  9:14     ` Dan Carpenter
  0 siblings, 0 replies; 6+ messages in thread
From: Dan Carpenter @ 2022-07-15  9:14 UTC (permalink / raw)
  To: Johannes Thumshirn
  Cc: Jens Axboe, Shaohua Li, Chaitanya Kulkarni, Damien Le Moal,
	Ming Lei, Vincent Fu, Shinichiro Kawasaki,
	linux-block@vger.kernel.org, kernel-janitors@vger.kernel.org

On Fri, Jul 15, 2022 at 08:23:24AM +0000, Johannes Thumshirn wrote:
> On 15.07.22 10:12, Dan Carpenter wrote:
> > -	nullb->index = ida_simple_get(&nullb_indexes, 0, 0, GFP_KERNEL);
> > -	dev->index = nullb->index;
> > +	rv = ida_simple_get(&nullb_indexes, 0, 0, GFP_KERNEL);
> > +	if (rv < 0) {
> > +		mutex_unlock(&lock);
> > +		goto out_cleanup_zone;
> > +	}
> > +	nullb->index = rv;
> > +	dev->index = rv;
> 
> Isn't ida_simple_get() deprecated? And actually the 'max' argument is 0 here,
> so ida_alloc_range() tries to allocate a number between 0 and 0?

That was already there in the original code.  I was just fixing the bugs,
not doing cleanup.

The second zero means use INT_MAX.  (When a function has "simple" in
the name it is always intended ironically).

regards,
dan carpenter
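
A userspace model of the two points in this exchange, added here as an illustration and not code from the thread or the kernel: an `end` argument of 0 becoming an unbounded range, and the ID leak that the `out_ida_free` label closes. The `model_*` names, the 64-entry pool and the literal errno values are assumptions of the model.

```c
#include <limits.h>
#include <stdbool.h>

#define POOL 64u			/* model capacity, far smaller than a real IDA */
static bool used[POOL];

/* Model of ida_alloc_range(): lowest free ID in [min, max], negative on failure. */
static int model_alloc_range(unsigned int min, unsigned int max)
{
	if ((int)max < 0)		/* max wrapped below zero: no upper bound */
		max = INT_MAX;
	for (unsigned int id = min; id <= max && id < POOL; id++)
		if (!used[id]) {
			used[id] = true;
			return (int)id;
		}
	return -28;			/* -ENOSPC */
}

/* Model of ida_simple_get(): "end" is exclusive, so end == 0 gives max == -1. */
static int model_simple_get(unsigned int start, unsigned int end)
{
	return model_alloc_range(start, end - 1);
}

/* Model of the tail of null_add_dev(); register_ok stands in for null_gendisk_register(). */
static int model_add_dev(bool register_ok, bool free_on_error, int *index)
{
	int rv = model_simple_get(0, 0);

	if (rv < 0)
		return rv;		/* patched behaviour: never store a negative index */
	*index = rv;
	if (!register_ok) {
		rv = -12;		/* -ENOMEM, constructed failure */
		goto out_ida_free;
	}
	return 0;

out_ida_free:
	if (free_on_error)		/* false reproduces the pre-patch leak */
		used[*index] = false;
	return rv;
}

int main(void)
{
	int idx;
	return model_add_dev(true, true, &idx);
}
```

With `free_on_error` false, every failed registration permanently consumes one index, which is the leak the second and third hunks of patch 2/2 remove.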


* Re: [PATCH 1/2] null_blk: prevent NULL dereference in null_init_tag_set()
  2022-07-15  8:10 [PATCH 1/2] null_blk: prevent NULL dereference in null_init_tag_set() Dan Carpenter
  2022-07-15  8:12 ` [PATCH 2/2] null_blk: fix ida error handling in null_add_dev() Dan Carpenter
@ 2022-07-15  9:26 ` Ming Lei
  2022-07-15 15:05 ` (subset) " Jens Axboe
  2 siblings, 0 replies; 6+ messages in thread
From: Ming Lei @ 2022-07-15  9:26 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: Jens Axboe, Vincent Fu, Chaitanya Kulkarni, Damien Le Moal,
	Johannes Thumshirn, Shin'ichiro Kawasaki, linux-block,
	kernel-janitors

Hello Dan,

On Fri, Jul 15, 2022 at 11:10:50AM +0300, Dan Carpenter wrote:
> The "nullb" pointer can be NULL.  Smatch prints a warning about this:
> 
>     drivers/block/null_blk/main.c:1914 null_init_tag_set()
>     error: we previously assumed 'nullb' could be null (see line 1911)
> 
> Fixes: 37ae152c7a0d ("null_blk: add configfs variables for 2 options")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

FYI,

I have posted another fix/cleanup for this issue:

https://lore.kernel.org/linux-block/20220715031916.151469-1-ming.lei@redhat.com/T/#u


Thanks,
Ming



* Re: (subset) [PATCH 1/2] null_blk: prevent NULL dereference in null_init_tag_set()
  2022-07-15  8:10 [PATCH 1/2] null_blk: prevent NULL dereference in null_init_tag_set() Dan Carpenter
  2022-07-15  8:12 ` [PATCH 2/2] null_blk: fix ida error handling in null_add_dev() Dan Carpenter
  2022-07-15  9:26 ` [PATCH 1/2] null_blk: prevent NULL dereference in null_init_tag_set() Ming Lei
@ 2022-07-15 15:05 ` Jens Axboe
  2 siblings, 0 replies; 6+ messages in thread
From: Jens Axboe @ 2022-07-15 15:05 UTC (permalink / raw)
  To: vincent.fu, dan.carpenter
  Cc: linux-block, ming.lei, johannes.thumshirn, kernel-janitors,
	damien.lemoal, kch, shinichiro.kawasaki

On Fri, 15 Jul 2022 11:10:50 +0300, Dan Carpenter wrote:
> The "nullb" pointer can be NULL.  Smatch prints a warning about this:
> 
>     drivers/block/null_blk/main.c:1914 null_init_tag_set()
>     error: we previously assumed 'nullb' could be null (see line 1911)
> 
> 

Applied, thanks!

[2/2] null_blk: fix ida error handling in null_add_dev()
      commit: 8c740c6bf12dec03b6f35b19fe6c183929d0b88a

Best regards,
-- 
Jens Axboe


