Message ID | 20230420071851.326726-1-d-tatianin@yandex-team.ru (mailing list archive) |
---|---|
State | Rejected, archived |
Delegated to: | Song Liu |
Series | md/md-multipath: guard against a possible NULL dereference |
Hi Daniil,

kernel test robot noticed the following build errors:

[auto build test ERROR on song-md/md-next]
[also build test ERROR on linus/master v6.3-rc7 next-20230419]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url: https://github.com/intel-lab-lkp/linux/commits/Daniil-Tatianin/md-md-multipath-guard-against-a-possible-NULL-dereference/20230420-152235
base: git://git.kernel.org/pub/scm/linux/kernel/git/song/md.git md-next
patch link: https://lore.kernel.org/r/20230420071851.326726-1-d-tatianin%40yandex-team.ru
patch subject: [PATCH] md/md-multipath: guard against a possible NULL dereference
config: m68k-allyesconfig (https://download.01.org/0day-ci/archive/20230420/202304202346.fddWOoq1-lkp@intel.com/config)
compiler: m68k-linux-gcc (GCC) 12.1.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/intel-lab-lkp/linux/commit/3b0e378bb2e165f35044ecb535fb1ed973ea392e
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Daniil-Tatianin/md-md-multipath-guard-against-a-possible-NULL-dereference/20230420-152235
        git checkout 3b0e378bb2e165f35044ecb535fb1ed973ea392e
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=m68k olddefconfig
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=m68k SHELL=/bin/bash drivers/

If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
| Link: https://lore.kernel.org/oe-kbuild-all/202304202346.fddWOoq1-lkp@intel.com/

All errors (new ones prefixed by >>):

   drivers/md/md-multipath.c: In function 'multipath_make_request':
>> drivers/md/md-multipath.c:111:14: error: 'map_bh' undeclared (first use in this function); did you mean 'mp_bh'?
     111 |         if (!map_bh)
         |              ^~~~~~
         |              mp_bh
   drivers/md/md-multipath.c:111:14: note: each undeclared identifier is reported only once for each function it appears in

vim +111 drivers/md/md-multipath.c

    99
   100  static bool multipath_make_request(struct mddev *mddev, struct bio * bio)
   101  {
   102          struct mpconf *conf = mddev->private;
   103          struct multipath_bh * mp_bh;
   104          struct multipath_info *multipath;
   105
   106          if (unlikely(bio->bi_opf & REQ_PREFLUSH)
   107              && md_flush_request(mddev, bio))
   108                  return true;
   109
   110          mp_bh = mempool_alloc(&conf->pool, GFP_NOIO);
 > 111          if (!map_bh)
   112                  return false;
   113
   114          mp_bh->master_bio = bio;
   115          mp_bh->mddev = mddev;
   116
   117          mp_bh->path = multipath_map(conf);
   118          if (mp_bh->path < 0) {
   119                  bio_io_error(bio);
   120                  mempool_free(mp_bh, &conf->pool);
   121                  return true;
   122          }
   123          multipath = conf->multipaths + mp_bh->path;
   124
   125          bio_init_clone(multipath->rdev->bdev, &mp_bh->bio, bio, GFP_NOIO);
   126
   127          mp_bh->bio.bi_iter.bi_sector += multipath->rdev->data_offset;
   128          mp_bh->bio.bi_opf |= REQ_FAILFAST_TRANSPORT;
   129          mp_bh->bio.bi_end_io = multipath_end_request;
   130          mp_bh->bio.bi_private = mp_bh;
   131          mddev_check_write_zeroes(mddev, &mp_bh->bio);
   132          submit_bio_noacct(&mp_bh->bio);
   133          return true;
   134  }
   135
diff --git a/drivers/md/md-multipath.c b/drivers/md/md-multipath.c index 66edf5e72bd6..861c70e49bcc 100644 --- a/drivers/md/md-multipath.c +++ b/drivers/md/md-multipath.c @@ -108,6 +108,8 @@ static bool multipath_make_request(struct mddev *mddev, struct bio * bio) return true; mp_bh = mempool_alloc(&conf->pool, GFP_NOIO); + if (!map_bh) + return false; mp_bh->master_bio = bio; mp_bh->mddev = mddev;
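Review bot: The added check in multipath_make_request tests `map_bh`, but the pointer assigned by mempool_alloc on the line above it is `mp_bh`, and `map_bh` is not declared anywhere in this function, so the hunk does not build (the test robot report shows exactly this error at line 111). It should read `if (!mp_bh)`. Separately, the new branch returns false without completing the bio, whereas the existing multipath_map failure path in the same function calls bio_io_error(bio) before returning true; the changelog should state what a false return means to the caller and why the bio needs no completion on this path. The call also passes GFP_NOIO, and mempool_alloc's documentation says the allocation does not fail when the mask allows sleeping, so please confirm the NULL case is reachable before adding the check at all.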
mempool_alloc might fail to allocate a slot, in which case we will end
up dereferencing a NULL mp_bh pointer.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Daniil Tatianin <d-tatianin@yandex-team.ru>
---
 drivers/md/md-multipath.c | 2 ++
 1 file changed, 2 insertions(+)