[PATCH v1] drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()

[PATCH v1] drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()

[Li Zhong]

Check the return value of md_bitmap_get_counter() in case it returns
NULL pointer, which will result in a null pointer dereference.

Signed-off-by: Li Zhong <floridsleeves@gmail.com>
---
 drivers/md/md-bitmap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c
index bf6dffadbe6f..06ab1098ff99 100644
--- a/drivers/md/md-bitmap.c
+++ b/drivers/md/md-bitmap.c
@@ -2195,7 +2195,7 @@ int md_bitmap_resize(struct bitmap *bitmap, sector_t blocks,
 
 		if (set) {
 			bmc_new = md_bitmap_get_counter(&bitmap->counts, block, &new_blocks, 1);
-			if (*bmc_new == 0) {
+			if (bmc_new && *bmc_new == 0) {
 				/* need to set on-disk bits too. */
 				sector_t end = block + new_blocks;
 				sector_t start = block >> chunkshift;
-- 
2.25.1

Re: [PATCH v1] drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()

[Dan Carpenter]

Hi Li,

https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Li-Zhong/drivers-md-md-bitmap-check-the-return-value-of-md_bitmap_get_counter/20220909-121143
base:   git://git.kernel.org/pub/scm/linux/kernel/git/song/md.git md-next
config: m68k-randconfig-m031-20220909
compiler: m68k-linux-gcc (GCC) 12.1.0

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

smatch warnings:
drivers/md/md-bitmap.c:2211 md_bitmap_resize() error: we previously assumed 'bmc_new' could be null (see line 2198)

vim +/bmc_new +2211 drivers/md/md-bitmap.c

c9d65032282943 drivers/md/bitmap.c    Guoqing Jiang     2016-05-02  2184  			} else
c9d65032282943 drivers/md/bitmap.c    Guoqing Jiang     2016-05-02  2185  				bitmap->counts.bp[page].count += 1;
c9d65032282943 drivers/md/bitmap.c    Guoqing Jiang     2016-05-02  2186  		}
c9d65032282943 drivers/md/bitmap.c    Guoqing Jiang     2016-05-02  2187  	}
c9d65032282943 drivers/md/bitmap.c    Guoqing Jiang     2016-05-02  2188  
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2189  	for (block = 0; block < blocks; ) {
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2190  		bitmap_counter_t *bmc_old, *bmc_new;
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2191  		int set;
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2192  
e64e4018d57271 drivers/md/md-bitmap.c Andy Shevchenko   2018-08-01  2193  		bmc_old = md_bitmap_get_counter(&old_counts, block, &old_blocks, 0);
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2194  		set = bmc_old && NEEDED(*bmc_old);
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2195  
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2196  		if (set) {
e64e4018d57271 drivers/md/md-bitmap.c Andy Shevchenko   2018-08-01  2197  			bmc_new = md_bitmap_get_counter(&bitmap->counts, block, &new_blocks, 1);
a0b3a521efba6a drivers/md/md-bitmap.c Li Zhong          2022-09-08 @2198  			if (bmc_new && *bmc_new == 0) {
                                                                                                    ^^^^^^^
New check for NULL

d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2199  				/* need to set on-disk bits too. */
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2200  				sector_t end = block + new_blocks;
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2201  				sector_t start = block >> chunkshift;
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2202  				start <<= chunkshift;
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2203  				while (start < end) {
e64e4018d57271 drivers/md/md-bitmap.c Andy Shevchenko   2018-08-01  2204  					md_bitmap_file_set_bit(bitmap, block);
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2205  					start += 1 << chunkshift;
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2206  				}
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2207  				*bmc_new = 2;
e64e4018d57271 drivers/md/md-bitmap.c Andy Shevchenko   2018-08-01  2208  				md_bitmap_count_page(&bitmap->counts, block, 1);
e64e4018d57271 drivers/md/md-bitmap.c Andy Shevchenko   2018-08-01  2209  				md_bitmap_set_pending(&bitmap->counts, block);
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2210  			}
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22 @2211  			*bmc_new |= NEEDED_MASK;
                                                                                                ^^^^^^^^
Unchecked dereference

d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2212  			if (new_blocks < old_blocks)
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2213  				old_blocks = new_blocks;
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2214  		}
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2215  		block += old_blocks;
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2216  	}
d60b479d177a57 drivers/md/bitmap.c    NeilBrown         2012-05-22  2217  
0868b99c214a3d drivers/md/md-bitmap.c Zdenek Kabelac    2017-11-08  2218  	if (bitmap->counts.bp != old_counts.bp) {

Re: [PATCH v1] drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()

[Song Liu]

On Thu, Sep 8, 2022 at 9:09 PM Li Zhong <floridsleeves@gmail.com> wrote:
>
> Check the return value of md_bitmap_get_counter() in case it returns
> NULL pointer, which will result in a null pointer dereference.
>
> Signed-off-by: Li Zhong <floridsleeves@gmail.com>

Somehow I didn't get v2 of this in my inbox. So replying to v1:

Applied v2 to md-next.

Thanks,
Song

> ---
>  drivers/md/md-bitmap.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c
> index bf6dffadbe6f..06ab1098ff99 100644
> --- a/drivers/md/md-bitmap.c
> +++ b/drivers/md/md-bitmap.c
> @@ -2195,7 +2195,7 @@ int md_bitmap_resize(struct bitmap *bitmap, sector_t blocks,
>
>                 if (set) {
>                         bmc_new = md_bitmap_get_counter(&bitmap->counts, block, &new_blocks, 1);
> -                       if (*bmc_new == 0) {
> +                       if (bmc_new && *bmc_new == 0) {
>                                 /* need to set on-disk bits too. */
>                                 sector_t end = block + new_blocks;
>                                 sector_t start = block >> chunkshift;
> --
> 2.25.1
>