drivers/lightnvm: fix a null-ptr-deref bug in pblk-core.c

Message ID 20201130072356.5378-1-tzh18@mails.tsinghua.edu.cn (mailing list archive)
State New, archived

Commit Message

tangzhenhao Nov. 30, 2020, 7:23 a.m. UTC
At line 294 in drivers/lightnvm/pblk-write.c, function pblk_gen_run_ws is called with actual param GFP_ATOMIC. pblk_gen_run_ws calls mempool_alloc using the "GFP_ATOMIC" flag, so mempool_alloc can return null. So we need to check the return-val of mempool_alloc to avoid a null-ptr-deref bug.

Signed-off-by: tangzhenhao <tzh18@mails.tsinghua.edu.cn>
---
 drivers/lightnvm/pblk-core.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Matias Bjørling Dec. 8, 2020, 4:43 p.m. UTC | #1
On 30/11/2020 08.23, tangzhenhao wrote:
> At line 294 in drivers/lightnvm/pblk-write.c, function pblk_gen_run_ws is called with actual param GFP_ATOMIC. pblk_gen_run_ws calls mempool_alloc using the "GFP_ATOMIC" flag, so mempool_alloc can return null. So we need to check the return-val of mempool_alloc to avoid a null-ptr-deref bug.
>
> Signed-off-by: tangzhenhao <tzh18@mails.tsinghua.edu.cn>
> ---
>   drivers/lightnvm/pblk-core.c | 4 ++++
>   1 file changed, 4 insertions(+)
>
> diff --git a/drivers/lightnvm/pblk-core.c b/drivers/lightnvm/pblk-core.c
> index 97c68731406b..1dddba11e721 100644
> --- a/drivers/lightnvm/pblk-core.c
> +++ b/drivers/lightnvm/pblk-core.c
> @@ -1869,6 +1869,10 @@ void pblk_gen_run_ws(struct pblk *pblk, struct pblk_line *line, void *priv,
>   	struct pblk_line_ws *line_ws;
>   
>   	line_ws = mempool_alloc(&pblk->gen_ws_pool, gfp_mask);
> +	if (!line_ws) {
> +		pblk_err(pblk, "pblk: could not allocate memory\n");
> +		return;
> +	}
>   
>   	line_ws->pblk = pblk;
>   	line_ws->line = line;
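Review bot: the message in the new "if (!line_ws)" branch is too generic to act on. "pblk: could not allocate memory" does not say which allocation failed, and the literal "pblk: " looks redundant given that pblk_err is already passed the pblk instance. Consider naming the work-item allocation in pblk_gen_run_ws in the text, and, since the commit message says this path is reached with GFP_ATOMIC, rate-limiting the print so sustained memory pressure does not flood the log.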

Thank you, Hao. Good catch.

Reviewed-by: Matias Bjørling <mb@lightnvm.io>

Hi Jens, would you be so kind to pick this up when convenient?

Thanks!

Best, Matias

Jens Axboe Dec. 8, 2020, 5:03 p.m. UTC | #2
On 11/30/20 12:23 AM, tangzhenhao wrote:
> At line 294 in drivers/lightnvm/pblk-write.c, function pblk_gen_run_ws
> is called with actual param GFP_ATOMIC. pblk_gen_run_ws calls
> mempool_alloc using the "GFP_ATOMIC" flag, so mempool_alloc can return
> null. So we need to check the return-val of mempool_alloc to avoid a
> null-ptr-deref bug.

Please line-break at 72/74 chars for future patches, I fixed this one
up. Applied for 5.11, thanks.

Patch

diff --git a/drivers/lightnvm/pblk-core.c b/drivers/lightnvm/pblk-core.c
index 97c68731406b..1dddba11e721 100644
--- a/drivers/lightnvm/pblk-core.c
+++ b/drivers/lightnvm/pblk-core.c
@@ -1869,6 +1869,10 @@  void pblk_gen_run_ws(struct pblk *pblk, struct pblk_line *line, void *priv,
 	struct pblk_line_ws *line_ws;
 
 	line_ws = mempool_alloc(&pblk->gen_ws_pool, gfp_mask);
+	if (!line_ws) {
+		pblk_err(pblk, "pblk: could not allocate memory\n");
+		return;
+	}
 
 	line_ws->pblk = pblk;
 	line_ws->line = line;
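
Review bot: the early "return;" after the failed mempool_alloc gives the caller no signal, because pblk_gen_run_ws is declared void. The work described by line and priv is silently dropped, so whatever the caller set up in priv, or any completion it expects from this work item, is left unhandled. Consider returning an int (for example -ENOMEM) so callers can clean up or retry, or add a comment explaining why dropping the work is safe on this path.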