From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 64996C433DF for ; Sat, 8 Aug 2020 23:43:54 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2F2892053B for ; Sat, 8 Aug 2020 23:43:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596930234; bh=aYbZFZAHTLy3UcV8xwsyYILmR4yEHjaWIROYwmwIX6I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=Bk2vcl3y4mXq3ZD39/CtX/u2uiM4mJ4Fe0cGn0NzJO2cqZ09At6TmNwzhO/W4GR7J IPM/RMUwq0U6RmouRG1rTgrtK3ctlYWA39lPoAdP0K02J/qeAEeVn/oXT6pu3RbZBy CUHc/cRGMVFJfzF75In2Hf9LopOETVRxOip5TT0c= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728112AbgHHXnw (ORCPT ); Sat, 8 Aug 2020 19:43:52 -0400 Received: from mail.kernel.org ([198.145.29.99]:54464 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728585AbgHHXjg (ORCPT ); Sat, 8 Aug 2020 19:39:36 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id EE45520855; Sat, 8 Aug 2020 23:39:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596929975; bh=aYbZFZAHTLy3UcV8xwsyYILmR4yEHjaWIROYwmwIX6I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rjyv/JLNT3L7TRfPYgtBfLn1DIp2bKMTKjyxKrWCToAFm0oE/KK+EBRzA5/jjt9BL gzg7PO/T7BOkFw6BAzbO1UoDPaGAYkOxwh2J8PPcWA0gzfHSsmvo/Zt5zE5ayaoGyl vXMtSQQupqDgzK7Nz5sy3OgVVwKodsnCkH0sdZbs= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Colin Ian King , "Guilherme G . Piccoli" , Song Liu , Sasha Levin , linux-raid@vger.kernel.org Subject: [PATCH AUTOSEL 5.4 36/40] md: raid0/linear: fix dereference before null check on pointer mddev Date: Sat, 8 Aug 2020 19:38:40 -0400 Message-Id: <20200808233844.3618823-36-sashal@kernel.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200808233844.3618823-1-sashal@kernel.org> References: <20200808233844.3618823-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Colin Ian King [ Upstream commit 9a5a85972c073f720d81a7ebd08bfe278e6e16db ] Pointer mddev is being dereferenced with a test_bit call before mddev is being null checked, this may cause a null pointer dereference. Fix this by moving the null pointer checks to sanity check mddev before it is dereferenced. Addresses-Coverity: ("Dereference before null check") Fixes: 62f7b1989c02 ("md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone") Signed-off-by: Colin Ian King Reviewed-by: Guilherme G. Piccoli Signed-off-by: Song Liu Signed-off-by: Sasha Levin --- drivers/md/md.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/md/md.c b/drivers/md/md.c index 5a378a453a2d4..acef01e519d06 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -376,17 +376,18 @@ static blk_qc_t md_make_request(struct request_queue *q, struct bio *bio) struct mddev *mddev = q->queuedata; unsigned int sectors; - if (unlikely(test_bit(MD_BROKEN, &mddev->flags)) && (rw == WRITE)) { + if (mddev == NULL || mddev->pers == NULL) { bio_io_error(bio); return BLK_QC_T_NONE; } - blk_queue_split(q, &bio); - - if (mddev == NULL || mddev->pers == NULL) { + if (unlikely(test_bit(MD_BROKEN, &mddev->flags)) && (rw == WRITE)) { bio_io_error(bio); return BLK_QC_T_NONE; } + + blk_queue_split(q, &bio); + if (mddev->ro == 1 && unlikely(rw == WRITE)) { if (bio_sectors(bio) != 0) bio->bi_status = BLK_STS_IOERR; -- 2.25.1