* [PATCH] dm-region-hash: fix a missing-check bug in __rh_alloc()
@ 2019-05-27 0:50 Gen Zhang
2019-05-27 1:49 ` Mike Snitzer
0 siblings, 1 reply; 5+ messages in thread
From: Gen Zhang @ 2019-05-27 0:50 UTC (permalink / raw)
To: agk, snitzer; +Cc: dm-devel, linux-kernel
In function __rh_alloc(), the pointer nreg is allocated a memory space
via kmalloc(). And it is used in the following codes. However, when
there is a memory allocation error, kmalloc() fails. Thus null pointer
dereference may happen. And it will cause the kernel to crash. Therefore,
we should check the return value and handle the error.
Further, in __rh_find(), we should also check the return value and
handle the error.
Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
---
diff --git a/drivers/md/dm-region-hash.c b/drivers/md/dm-region-hash.c
index 1f76045..2fa1641 100644
--- a/drivers/md/dm-region-hash.c
+++ b/drivers/md/dm-region-hash.c
@@ -290,8 +290,11 @@ static struct dm_region *__rh_alloc(struct dm_region_hash *rh, region_t region)
struct dm_region *reg, *nreg;
nreg = mempool_alloc(&rh->region_pool, GFP_ATOMIC);
- if (unlikely(!nreg))
+ if (unlikely(!nreg)) {
nreg = kmalloc(sizeof(*nreg), GFP_NOIO | __GFP_NOFAIL);
+ if (!nreg)
+ return NULL;
+ }
nreg->state = rh->log->type->in_sync(rh->log, region, 1) ?
DM_RH_CLEAN : DM_RH_NOSYNC;
@@ -329,6 +332,8 @@ static struct dm_region *__rh_find(struct dm_region_hash *rh, region_t region)
if (!reg) {
read_unlock(&rh->hash_lock);
reg = __rh_alloc(rh, region);
+ if (!reg)
+ return NULL;
read_lock(&rh->hash_lock);
}
---
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: dm-region-hash: fix a missing-check bug in __rh_alloc()
2019-05-27 0:50 [PATCH] dm-region-hash: fix a missing-check bug in __rh_alloc() Gen Zhang
@ 2019-05-27 1:49 ` Mike Snitzer
2019-05-27 3:12 ` Gen Zhang
0 siblings, 1 reply; 5+ messages in thread
From: Mike Snitzer @ 2019-05-27 1:49 UTC (permalink / raw)
To: Gen Zhang; +Cc: agk, dm-devel, linux-kernel
On Sun, May 26 2019 at 8:50pm -0400,
Gen Zhang <blackgod016574@gmail.com> wrote:
> In function __rh_alloc(), the pointer nreg is allocated a memory space
> via kmalloc(). And it is used in the following codes. However, when
> there is a memory allocation error, kmalloc() fails. Thus null pointer
> dereference may happen. And it will cause the kernel to crash. Therefore,
> we should check the return value and handle the error.
> Further, in __rh_find(), we should also check the return value and
> handle the error.
>
> Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
> ---
> diff --git a/drivers/md/dm-region-hash.c b/drivers/md/dm-region-hash.c
> index 1f76045..2fa1641 100644
> --- a/drivers/md/dm-region-hash.c
> +++ b/drivers/md/dm-region-hash.c
> @@ -290,8 +290,11 @@ static struct dm_region *__rh_alloc(struct dm_region_hash *rh, region_t region)
> struct dm_region *reg, *nreg;
>
> nreg = mempool_alloc(&rh->region_pool, GFP_ATOMIC);
> - if (unlikely(!nreg))
> + if (unlikely(!nreg)) {
> nreg = kmalloc(sizeof(*nreg), GFP_NOIO | __GFP_NOFAIL);
> + if (!nreg)
> + return NULL;
> + }
>
> nreg->state = rh->log->type->in_sync(rh->log, region, 1) ?
> DM_RH_CLEAN : DM_RH_NOSYNC;
This patch isn't needed. __GFP_NOFAIL means the allocation won't fail.
And there are many other users of __GFP_NOFAIL that don't check for
failure.
Mike
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: dm-region-hash: fix a missing-check bug in __rh_alloc()
2019-05-27 1:49 ` Mike Snitzer
@ 2019-05-27 3:12 ` Gen Zhang
0 siblings, 0 replies; 5+ messages in thread
From: Gen Zhang @ 2019-05-27 3:12 UTC (permalink / raw)
To: Mike Snitzer; +Cc: agk, dm-devel, linux-kernel
On Sun, May 26, 2019 at 09:49:14PM -0400, Mike Snitzer wrote:
> On Sun, May 26 2019 at 8:50pm -0400,
> Gen Zhang <blackgod016574@gmail.com> wrote:
>
> > In function __rh_alloc(), the pointer nreg is allocated a memory space
> > via kmalloc(). And it is used in the following codes. However, when
> > there is a memory allocation error, kmalloc() fails. Thus null pointer
> > dereference may happen. And it will cause the kernel to crash. Therefore,
> > we should check the return value and handle the error.
> > Further, in __rh_find(), we should also check the return value and
> > handle the error.
> >
> > Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
> > ---
> > diff --git a/drivers/md/dm-region-hash.c b/drivers/md/dm-region-hash.c
> > index 1f76045..2fa1641 100644
> > --- a/drivers/md/dm-region-hash.c
> > +++ b/drivers/md/dm-region-hash.c
> > @@ -290,8 +290,11 @@ static struct dm_region *__rh_alloc(struct dm_region_hash *rh, region_t region)
> > struct dm_region *reg, *nreg;
> >
> > nreg = mempool_alloc(&rh->region_pool, GFP_ATOMIC);
> > - if (unlikely(!nreg))
> > + if (unlikely(!nreg)) {
> > nreg = kmalloc(sizeof(*nreg), GFP_NOIO | __GFP_NOFAIL);
> > + if (!nreg)
> > + return NULL;
> > + }
> >
> > nreg->state = rh->log->type->in_sync(rh->log, region, 1) ?
> > DM_RH_CLEAN : DM_RH_NOSYNC;
>
> This patch isn't needed. __GFP_NOFAIL means the allocation won't fail.
>
> And there are many other users of __GFP_NOFAIL that don't check for
> failure.
>
> Mike
Appreciate your reply, Mike.
Thanks
Gen
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH] dm-region-hash: Fix a missing-check bug in __rh_alloc()
@ 2019-05-24 3:12 Gen Zhang
2019-06-05 6:05 ` Jiri Slaby
0 siblings, 1 reply; 5+ messages in thread
From: Gen Zhang @ 2019-05-24 3:12 UTC (permalink / raw)
To: agk, snitzer, dm-devel; +Cc: linux-kernel
In function __rh_alloc(), the pointer nreg is allocated a memory space
via kmalloc(). And it is used in the following codes. However, when
there is a memory allocation error, kmalloc() fails. Thus null pointer
dereference may happen. And it will cause the kernel to crash. Therefore,
we should check the return value and handle the error.
Further, in __rh_find(), we should also check the return value and
handle the error.
Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
---
diff --git a/drivers/md/dm-region-hash.c b/drivers/md/dm-region-hash.c
index 1f76045..2fa1641 100644
--- a/drivers/md/dm-region-hash.c
+++ b/drivers/md/dm-region-hash.c
@@ -290,8 +290,11 @@ static struct dm_region *__rh_alloc(struct dm_region_hash *rh, region_t region)
struct dm_region *reg, *nreg;
nreg = mempool_alloc(&rh->region_pool, GFP_ATOMIC);
- if (unlikely(!nreg))
+ if (unlikely(!nreg)) {
nreg = kmalloc(sizeof(*nreg), GFP_NOIO | __GFP_NOFAIL);
+ if (!nreg)
+ return NULL;
+ }
nreg->state = rh->log->type->in_sync(rh->log, region, 1) ?
DM_RH_CLEAN : DM_RH_NOSYNC;
@@ -329,6 +332,8 @@ static struct dm_region *__rh_find(struct dm_region_hash *rh, region_t region)
if (!reg) {
read_unlock(&rh->hash_lock);
reg = __rh_alloc(rh, region);
+ if (!reg)
+ return NULL;
read_lock(&rh->hash_lock);
}
---
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [PATCH] dm-region-hash: Fix a missing-check bug in __rh_alloc()
2019-05-24 3:12 [PATCH] dm-region-hash: Fix " Gen Zhang
@ 2019-06-05 6:05 ` Jiri Slaby
2019-06-05 12:21 ` Mike Snitzer
0 siblings, 1 reply; 5+ messages in thread
From: Jiri Slaby @ 2019-06-05 6:05 UTC (permalink / raw)
To: Gen Zhang, agk, snitzer, dm-devel; +Cc: linux-kernel
On 24. 05. 19, 5:12, Gen Zhang wrote:
> In function __rh_alloc(), the pointer nreg is allocated a memory space
> via kmalloc(). And it is used in the following codes. However, when
> there is a memory allocation error, kmalloc() fails. Thus null pointer
> dereference may happen. And it will cause the kernel to crash. Therefore,
> we should check the return value and handle the error.
> Further, in __rh_find(), we should also check the return value and
> handle the error.
>
> Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
>
> ---
> diff --git a/drivers/md/dm-region-hash.c b/drivers/md/dm-region-hash.c
> index 1f76045..2fa1641 100644
> --- a/drivers/md/dm-region-hash.c
> +++ b/drivers/md/dm-region-hash.c
> @@ -290,8 +290,11 @@ static struct dm_region *__rh_alloc(struct dm_region_hash *rh, region_t region)
> struct dm_region *reg, *nreg;
>
> nreg = mempool_alloc(&rh->region_pool, GFP_ATOMIC);
> - if (unlikely(!nreg))
> + if (unlikely(!nreg)) {
> nreg = kmalloc(sizeof(*nreg), GFP_NOIO | __GFP_NOFAIL);
> + if (!nreg)
> + return NULL;
What's the purpose of checking NO_FAIL allocations?
thanks,
--
js
suse labs
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: dm-region-hash: Fix a missing-check bug in __rh_alloc()
2019-06-05 6:05 ` Jiri Slaby
@ 2019-06-05 12:21 ` Mike Snitzer
2019-06-05 14:58 ` Gen Zhang
0 siblings, 1 reply; 5+ messages in thread
From: Mike Snitzer @ 2019-06-05 12:21 UTC (permalink / raw)
To: Jiri Slaby; +Cc: Gen Zhang, agk, dm-devel, linux-kernel
On Wed, Jun 05 2019 at 2:05am -0400,
Jiri Slaby <jslaby@suse.cz> wrote:
> On 24. 05. 19, 5:12, Gen Zhang wrote:
> > In function __rh_alloc(), the pointer nreg is allocated a memory space
> > via kmalloc(). And it is used in the following codes. However, when
> > there is a memory allocation error, kmalloc() fails. Thus null pointer
> > dereference may happen. And it will cause the kernel to crash. Therefore,
> > we should check the return value and handle the error.
> > Further, in __rh_find(), we should also check the return value and
> > handle the error.
> >
> > Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
> >
> > ---
> > diff --git a/drivers/md/dm-region-hash.c b/drivers/md/dm-region-hash.c
> > index 1f76045..2fa1641 100644
> > --- a/drivers/md/dm-region-hash.c
> > +++ b/drivers/md/dm-region-hash.c
> > @@ -290,8 +290,11 @@ static struct dm_region *__rh_alloc(struct dm_region_hash *rh, region_t region)
> > struct dm_region *reg, *nreg;
> >
> > nreg = mempool_alloc(&rh->region_pool, GFP_ATOMIC);
> > - if (unlikely(!nreg))
> > + if (unlikely(!nreg)) {
> > nreg = kmalloc(sizeof(*nreg), GFP_NOIO | __GFP_NOFAIL);
> > + if (!nreg)
> > + return NULL;
>
> What's the purpose of checking NO_FAIL allocations?
There isn't, that was already pointed out in a different thread for this
same patch (think patch was posted twice):
https://www.redhat.com/archives/dm-devel/2019-May/msg00124.html
Mike
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: dm-region-hash: Fix a missing-check bug in __rh_alloc()
2019-06-05 12:21 ` Mike Snitzer
@ 2019-06-05 14:58 ` Gen Zhang
0 siblings, 0 replies; 5+ messages in thread
From: Gen Zhang @ 2019-06-05 14:58 UTC (permalink / raw)
To: Mike Snitzer; +Cc: Jiri Slaby, agk, dm-devel, linux-kernel
On Wed, Jun 05, 2019 at 08:21:59AM -0400, Mike Snitzer wrote:
> On Wed, Jun 05 2019 at 2:05am -0400,
> Jiri Slaby <jslaby@suse.cz> wrote:
>
> > On 24. 05. 19, 5:12, Gen Zhang wrote:
> > > In function __rh_alloc(), the pointer nreg is allocated a memory space
> > > via kmalloc(). And it is used in the following codes. However, when
> > > there is a memory allocation error, kmalloc() fails. Thus null pointer
> > > dereference may happen. And it will cause the kernel to crash. Therefore,
> > > we should check the return value and handle the error.
> > > Further, in __rh_find(), we should also check the return value and
> > > handle the error.
> > >
> > > Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
> > >
> > > ---
> > > diff --git a/drivers/md/dm-region-hash.c b/drivers/md/dm-region-hash.c
> > > index 1f76045..2fa1641 100644
> > > --- a/drivers/md/dm-region-hash.c
> > > +++ b/drivers/md/dm-region-hash.c
> > > @@ -290,8 +290,11 @@ static struct dm_region *__rh_alloc(struct dm_region_hash *rh, region_t region)
> > > struct dm_region *reg, *nreg;
> > >
> > > nreg = mempool_alloc(&rh->region_pool, GFP_ATOMIC);
> > > - if (unlikely(!nreg))
> > > + if (unlikely(!nreg)) {
> > > nreg = kmalloc(sizeof(*nreg), GFP_NOIO | __GFP_NOFAIL);
> > > + if (!nreg)
> > > + return NULL;
> >
> > What's the purpose of checking NO_FAIL allocations?
>
> There isn't, that was already pointed out in a different thread for this
> same patch (think patch was posted twice):
> https://www.redhat.com/archives/dm-devel/2019-May/msg00124.html
>
> Mike
Thanks for your reply. The first thread is not replied for a period, so
the second one is posted. But I don't know why Jiri replied to the first
thread.
Thanks
Gen
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-06-05 14:58 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-27 0:50 [PATCH] dm-region-hash: fix a missing-check bug in __rh_alloc() Gen Zhang
2019-05-27 1:49 ` Mike Snitzer
2019-05-27 3:12 ` Gen Zhang
-- strict thread matches above, loose matches on Subject: below --
2019-05-24 3:12 [PATCH] dm-region-hash: Fix " Gen Zhang
2019-06-05 6:05 ` Jiri Slaby
2019-06-05 12:21 ` Mike Snitzer
2019-06-05 14:58 ` Gen Zhang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).