public inbox for linux-scsi@vger.kernel.org
From: Christoph Hellwig <hch@infradead.org>
To: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Cc: linux-scsi@vger.kernel.org,
	"Martin K . Petersen" <martin.petersen@oracle.com>,
	Dongliang Mu <mudongliangabcd@gmail.com>
Subject: Re: [PATCH v2 1/2] scsi: sd: Fix potential NULL pointer dereference
Date: Tue, 31 May 2022 01:08:53 -0700
Message-ID: <YpXNFfwtPyGt5eVT@infradead.org>
In-Reply-To: <20220531002812.527368-2-damien.lemoal@opensource.wdc.com>

On Tue, May 31, 2022 at 09:28:11AM +0900, Damien Le Moal wrote:
> If sd_probe() sees an error before sdkp->device is initialized,
> sd_zbc_release_disk() is called, which causes a NULL pointer dereference
> when sd_is_zoned() is called. Avoid this by also testing if a scsi disk
> device pointer is set in sd_is_zoned().

Wouldn't a fix like the one below make more sense?  Until
sd_revalidate_disk and thus sd_zbc_revalidate_zones is called none of
the zone information is filled out, and thus we don't need to clear it.

But at that point we've already initialized the device and thus the
release handler will deal with all the real cleanup:

diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index 749316462075e..dabdc0eeb3dca 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -3542,7 +3542,6 @@ static int sd_probe(struct device *dev)
  out_put:
 	put_disk(gd);
  out_free:
-	sd_zbc_release_disk(sdkp);
 	kfree(sdkp);
  out:
 	scsi_autopm_put_device(sdp);
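
Review bot: the removed sd_zbc_release_disk(sdkp) call sits under out_free, which is also reached by fall-through from out_put, so both error labels lose the zone cleanup. That is only safe if every jump to out_put or out_free in sd_probe() happens before sd_revalidate_disk() has run, as the message above states; that ordering is not visible in this hunk. It is worth saying so in the commit message, and a one-line comment above kfree(sdkp) noting that no zone information has been allocated at this point would keep a later error path added after revalidation from leaking it.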
