[PATCH] [dm]fix NULL pointer in dm_exception_store

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] [dm]fix NULL pointer in dm_exception_store_create() when create dm device
@ 2016-02-01  7:05 DingXiang
  2016-02-01 20:42 ` Greg KH
  0 siblings, 1 reply; 2+ messages in thread
From: DingXiang @ 2016-02-01  7:05 UTC (permalink / raw)
  To: snitzer; +Cc: stable, linux-kernel, kernel-janitors, DingXiang

In some conditions(such as umount fs failed),origin path or origin bdev or both of the two is same
as cow's.If this happens, origin dev will be freed when get cow dev in function "dm_get_device" ,
then "s->origin->dev" which used by "dm_exception_store_create" will be a NULL pointer.

Signed-off-by:Ding Xiang <dingxiang@huawei.com>
---
 drivers/md/dm-snap.c |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c
index 3766386..ccf97d8 100644
--- a/drivers/md/dm-snap.c
+++ b/drivers/md/dm-snap.c
@@ -1102,6 +1102,7 @@ static void stop_merge(struct dm_snapshot *s)
 static int snapshot_ctr(struct dm_target *ti, unsigned int argc, char **argv)
 {
 	struct dm_snapshot *s;
+	struct block_device *origin_bdev, *cow_bdev;
 	int i;
 	int r = -EINVAL;
 	char *origin_path, *cow_path;
@@ -1136,10 +1137,19 @@ static int snapshot_ctr(struct dm_target *ti, unsigned int argc, char **argv)
 		goto bad_origin;
 	}
 
+	origin_bdev = s->origin->bdev;
 	cow_path = argv[0];
 	argv++;
 	argc--;
 
+	/*check cow dev is available*/
+	cow_bdev = lookup_bdev(cow_path);
+	if(cow_bdev->bd_dev == origin_bdev->bd_dev){
+		ti->error = "Invalid COW device";
+		r = -EINVAL;
+		goto bad_cow;
+	}
+
 	r = dm_get_device(ti, cow_path, dm_table_get_mode(ti->table), &s->cow);
 	if (r) {
 		ti->error = "Cannot get COW device";
-- 
1.7.1

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] [dm]fix NULL pointer in dm_exception_store_create() when create dm device
  2016-02-01  7:05 [PATCH] [dm]fix NULL pointer in dm_exception_store_create() when create dm device DingXiang
@ 2016-02-01 20:42 ` Greg KH
  0 siblings, 0 replies; 2+ messages in thread
From: Greg KH @ 2016-02-01 20:42 UTC (permalink / raw)
  To: DingXiang; +Cc: snitzer, stable, linux-kernel, kernel-janitors

On Mon, Feb 01, 2016 at 03:05:58PM +0800, DingXiang wrote:
> In some conditions(such as umount fs failed),origin path or origin bdev or both of the two is same
> as cow's.If this happens, origin dev will be freed when get cow dev in function "dm_get_device" ,
> then "s->origin->dev" which used by "dm_exception_store_create" will be a NULL pointer.
> 
> Signed-off-by:Ding Xiang <dingxiang@huawei.com>
> ---
>  drivers/md/dm-snap.c |   10 ++++++++++
>  1 files changed, 10 insertions(+), 0 deletions(-)

<formletter>

This is not the correct way to submit patches for inclusion in the
stable kernel tree.  Please read Documentation/stable_kernel_rules.txt
for how to do this properly.

</formletter>

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2016-02-01 20:42 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-01  7:05 [PATCH] [dm]fix NULL pointer in dm_exception_store_create() when create dm device DingXiang
2016-02-01 20:42 ` Greg KH

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).