From mboxrd@z Thu Jan 1 00:00:00 1970
From: Yufen Yu
Subject: [PATCH v2] md: add mddev->pers to avoid potential NULL pointer dereference
Date: Tue, 2 Apr 2019 14:22:14 +0800
Message-ID: <20190402062214.136669-1-yuyufen@huawei.com>
Mime-Version: 1.0
Content-Type: text/plain
Return-path:
Sender: stable-owner@vger.kernel.org
To: axboe@kernel.dk, songliubraving@fb.com
Cc: neilb@suse.com, xni@redhat.com, linux-raid@vger.kernel.org, stable@vger.kernel.org
List-Id: linux-raid.ids

When doing re-add, we need to ensure rdev->mddev->pers is not NULL,
which can avoid potential NULL pointer dereference in following
add_bound_rdev().

Fixes: a6da4ef85cef ("md: re-add a failed disk")
Cc: Xiao Ni
Cc: NeilBrown
Cc:
Signed-off-by: Yufen Yu
--- drivers/md/md.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/md/md.c b/drivers/md/md.c index 875b29ba5926..66b6bdf9f364 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c 
@@ -2859,8 +2859,10 @@ state_store(struct md_rdev *rdev, const char *buf, size_t len) err = 0; } } else if (cmd_match(buf, "re-add")) { - if (test_bit(Faulty, &rdev->flags) && (rdev->raid_disk == -1) && - rdev->saved_raid_disk >= 0) { + if (!rdev->mddev->pers) + err = -EINVAL; + else if (test_bit(Faulty, &rdev->flags) && (rdev->raid_disk == -1) && + rdev->saved_raid_disk >= 0) { /* clear_bit is performed _after_ all the devices * have their local Faulty bit cleared. If any writes * happen in the meantime in the local node, they -- 2.16.2.dirty
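Review bot: In the "re-add" branch of state_store(), the new "if (!rdev->mddev->pers)" arm is left unbraced while the "else if (test_bit(Faulty, &rdev->flags) ..." arm it chains into is braced; kernel coding style asks for braces on every arm once one of them needs them, so "err = -EINVAL;" should be wrapped as well. A short comment on the new check saying when pers is NULL at this point would also help, since the changelog only names add_bound_rdev() as the place where the dereference happens. The visible context does not show what serialises this test against pers changing before add_bound_rdev() runs, so the changelog should state which lock covers it. The subject line reads "add mddev->pers" where "add mddev->pers check" appears to be meant.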