Message ID | 20201130072356.5378-1-tzh18@mails.tsinghua.edu.cn (mailing list archive) |
---|---|
State | New, archived |
Series | drivers/lightnvm: fix a null-ptr-deref bug in pblk-core.c |
On 30/11/2020 08.23, tangzhenhao wrote: > At line 294 in drivers/lightnvm/pblk-write.c, function pblk_gen_run_ws is called with actual param GFP_ATOMIC. pblk_gen_run_ws call mempool_alloc using "GFP_ATOMIC" flag, so mempool_alloc can return null. So we need to check the return-val of mempool_alloc to avoid null-ptr-deref bug. > > Signed-off-by: tangzhenhao <tzh18@mails.tsinghua.edu.cn> > --- > drivers/lightnvm/pblk-core.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/drivers/lightnvm/pblk-core.c b/drivers/lightnvm/pblk-core.c > index 97c68731406b..1dddba11e721 100644 > --- a/drivers/lightnvm/pblk-core.c > +++ b/drivers/lightnvm/pblk-core.c > @@ -1869,6 +1869,10 @@ void pblk_gen_run_ws(struct pblk *pblk, struct pblk_line *line, void *priv, > struct pblk_line_ws *line_ws; > > line_ws = mempool_alloc(&pblk->gen_ws_pool, gfp_mask); > + if (!line_ws) { > + pblk_err(pblk, "pblk: could not allocate memory\n"); > + return; > + } > > line_ws->pblk = pblk; > line_ws->line = line; Thank you, Hao. Good catch. Reviewed-by: Matias Bjørling <mb@lightnvm.io> Hi Jens, would you be so kind to pick this up when convenient? Thanks! Best, Matias
On 11/30/20 12:23 AM, tangzhenhao wrote:
> At line 294 in drivers/lightnvm/pblk-write.c, function pblk_gen_run_ws
> is called with actual param GFP_ATOMIC. pblk_gen_run_ws calls
> mempool_alloc using "GFP_ATOMIC" flag, so mempool_alloc can return
> null. So we need to check the return-val of mempool_alloc to avoid
> null-ptr-deref bug.

Please line-break at 72/74 chars for future patches, I fixed this one up.

Applied for 5.11, thanks.
diff --git a/drivers/lightnvm/pblk-core.c b/drivers/lightnvm/pblk-core.c index 97c68731406b..1dddba11e721 100644 --- a/drivers/lightnvm/pblk-core.c +++ b/drivers/lightnvm/pblk-core.c @@ -1869,6 +1869,10 @@ void pblk_gen_run_ws(struct pblk *pblk, struct pblk_line *line, void *priv, struct pblk_line_ws *line_ws; line_ws = mempool_alloc(&pblk->gen_ws_pool, gfp_mask); + if (!line_ws) { + pblk_err(pblk, "pblk: could not allocate memory\n"); + return; + } line_ws->pblk = pblk; line_ws->line = line;
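Review bot: the new `if (!line_ws)` branch returns from a function declared `void`, so the caller has no way to learn that the work item was never set up; `line` and `priv` are simply dropped on this path. Consider changing pblk_gen_run_ws to return an int (for example -ENOMEM on this branch) so callers can handle or retry the failure, or add a comment explaining why skipping the work silently is safe. The log text "could not allocate memory" also does not say which allocation failed; naming the gen_ws_pool allocation would make the message actionable.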
At line 294 in drivers/lightnvm/pblk-write.c, function pblk_gen_run_ws
is called with actual param GFP_ATOMIC. pblk_gen_run_ws calls
mempool_alloc using "GFP_ATOMIC" flag, so mempool_alloc can return
null. So we need to check the return-val of mempool_alloc to avoid
null-ptr-deref bug.

Signed-off-by: tangzhenhao <tzh18@mails.tsinghua.edu.cn>
---
 drivers/lightnvm/pblk-core.c | 4 ++++
 1 file changed, 4 insertions(+)