| Message ID | 20190130101141.20132-1-yuehaibing@huawei.com (mailing list archive) |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | [-next] scsi: libfc: Fix potential NULL pointer dereference | expand |
Friendly ping: Who can review or take this, please? Thanks On 2019/1/30 18:11, YueHaibing wrote: > There is a potential NULL pointer dereference in case > fc_rport_create() fails and returns NULL. > > Fixes: 2580064b5ec6 ("scsi: libfc: Replace ->rport_create callback with function call") > Signed-off-by: YueHaibing <yuehaibing@huawei.com> > --- > drivers/scsi/libfc/fc_lport.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/drivers/scsi/libfc/fc_lport.c b/drivers/scsi/libfc/fc_lport.c > index ff943f4..e2a3551 100644 > --- a/drivers/scsi/libfc/fc_lport.c > +++ b/drivers/scsi/libfc/fc_lport.c > @@ -250,6 +250,10 @@ static void fc_lport_ptp_setup(struct fc_lport *lport, > } > mutex_lock(&lport->disc.disc_mutex); > lport->ptp_rdata = fc_rport_create(lport, remote_fid); > + if (!lport->ptp_rdata) { > + mutex_unlock(&lport->disc.disc_mutex); > + return; > + } > kref_get(&lport->ptp_rdata->kref); > lport->ptp_rdata->ids.port_name = remote_wwpn; > lport->ptp_rdata->ids.node_name = remote_wwnn; >
On 2/27/19 7:09 AM, YueHaibing wrote: > > Friendly ping: > > Who can review or take this, please? > > Thanks > > On 2019/1/30 18:11, YueHaibing wrote: >> There is a potential NULL pointer dereference in case >> fc_rport_create() fails and returns NULL. >> >> Fixes: 2580064b5ec6 ("scsi: libfc: Replace ->rport_create callback with function call") >> Signed-off-by: YueHaibing <yuehaibing@huawei.com> >> --- >> drivers/scsi/libfc/fc_lport.c | 4 ++++ >> 1 file changed, 4 insertions(+) >> >> diff --git a/drivers/scsi/libfc/fc_lport.c b/drivers/scsi/libfc/fc_lport.c >> index ff943f4..e2a3551 100644 >> --- a/drivers/scsi/libfc/fc_lport.c >> +++ b/drivers/scsi/libfc/fc_lport.c >> @@ -250,6 +250,10 @@ static void fc_lport_ptp_setup(struct fc_lport *lport, >> } >> mutex_lock(&lport->disc.disc_mutex); >> lport->ptp_rdata = fc_rport_create(lport, remote_fid); >> + if (!lport->ptp_rdata) { >> + mutex_unlock(&lport->disc.disc_mutex); >> + return; >> + } >> kref_get(&lport->ptp_rdata->kref); >> lport->ptp_rdata->ids.port_name = remote_wwpn; >> lport->ptp_rdata->ids.node_name = remote_wwnn; >> > I don't think this is correct. While it's true that fc_rport_create() might fail, fc_lport_ptp_setup() will still assumed to have worked by the caller. So we should rather return an error code here from fc_lport_ptp_setup() and ensure it's handled properly in the caller, too. Cheers, Hannes
On 2/27/19 7:09 AM, YueHaibing wrote: > > Friendly ping: > > Who can review or take this, please? > > Thanks > > On 2019/1/30 18:11, YueHaibing wrote: >> There is a potential NULL pointer dereference in case >> fc_rport_create() fails and returns NULL. >> >> Fixes: 2580064b5ec6 ("scsi: libfc: Replace ->rport_create callback with function call") >> Signed-off-by: YueHaibing <yuehaibing@huawei.com> >> --- >> drivers/scsi/libfc/fc_lport.c | 4 ++++ >> 1 file changed, 4 insertions(+) >> >> diff --git a/drivers/scsi/libfc/fc_lport.c b/drivers/scsi/libfc/fc_lport.c >> index ff943f4..e2a3551 100644 >> --- a/drivers/scsi/libfc/fc_lport.c >> +++ b/drivers/scsi/libfc/fc_lport.c >> @@ -250,6 +250,10 @@ static void fc_lport_ptp_setup(struct fc_lport *lport, >> } >> mutex_lock(&lport->disc.disc_mutex); >> lport->ptp_rdata = fc_rport_create(lport, remote_fid); >> + if (!lport->ptp_rdata) { >> + mutex_unlock(&lport->disc.disc_mutex); >> + return; >> + } >> kref_get(&lport->ptp_rdata->kref); >> lport->ptp_rdata->ids.port_name = remote_wwpn; >> lport->ptp_rdata->ids.node_name = remote_wwnn; >> > Reviewed-by: Hannes Reinecke <hare@suse.com> Cheers, Hannes
Hi Hannes, >>> There is a potential NULL pointer dereference in case >>> fc_rport_create() fails and returns NULL. >>> diff --git a/drivers/scsi/libfc/fc_lport.c b/drivers/scsi/libfc/fc_lport.c >>> index ff943f4..e2a3551 100644 >>> --- a/drivers/scsi/libfc/fc_lport.c >>> +++ b/drivers/scsi/libfc/fc_lport.c >>> @@ -250,6 +250,10 @@ static void fc_lport_ptp_setup(struct fc_lport *lport, >>> } >>> mutex_lock(&lport->disc.disc_mutex); >>> lport->ptp_rdata = fc_rport_create(lport, remote_fid); >>> + if (!lport->ptp_rdata) { >>> + mutex_unlock(&lport->disc.disc_mutex); >>> + return; >>> + } >>> kref_get(&lport->ptp_rdata->kref); >>> lport->ptp_rdata->ids.port_name = remote_wwpn; >>> lport->ptp_rdata->ids.node_name = remote_wwnn; >>> > Reviewed-by: Hannes Reinecke <hare@suse.com> A bit confused. You had originally replied that the patch was not correct so I closed it in patchwork. And now there's a Reviewed-by: without any explanation as to why you have changed your mind. Please clarify, thanks!
diff --git a/drivers/scsi/libfc/fc_lport.c b/drivers/scsi/libfc/fc_lport.c index ff943f4..e2a3551 100644 --- a/drivers/scsi/libfc/fc_lport.c +++ b/drivers/scsi/libfc/fc_lport.c @@ -250,6 +250,10 @@ static void fc_lport_ptp_setup(struct fc_lport *lport, } mutex_lock(&lport->disc.disc_mutex); lport->ptp_rdata = fc_rport_create(lport, remote_fid); + if (!lport->ptp_rdata) { + mutex_unlock(&lport->disc.disc_mutex); + return; + } kref_get(&lport->ptp_rdata->kref); lport->ptp_rdata->ids.port_name = remote_wwpn; lport->ptp_rdata->ids.node_name = remote_wwnn;
There is a potential NULL pointer dereference in case fc_rport_create() fails and returns NULL. Fixes: 2580064b5ec6 ("scsi: libfc: Replace ->rport_create callback with function call") Signed-off-by: YueHaibing <yuehaibing@huawei.com> --- drivers/scsi/libfc/fc_lport.c | 4 ++++ 1 file changed, 4 insertions(+)