From patchwork Fri Aug 25 20:46:25 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Shaohua Li <shli@fb.com>
X-Patchwork-Id: 9922773
Return-Path: <linux-block-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	D27A560349 for <patchwork-linux-block@patchwork.kernel.org>;
	Fri, 25 Aug 2017 20:46:28 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C39BC2844E
	for <patchwork-linux-block@patchwork.kernel.org>;
	Fri, 25 Aug 2017 20:46:28 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id B8681284AA; Fri, 25 Aug 2017 20:46:28 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU,
	RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 527152844E
	for <patchwork-linux-block@patchwork.kernel.org>;
	Fri, 25 Aug 2017 20:46:28 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932903AbdHYUq1 (ORCPT
	<rfc822;patchwork-linux-block@patchwork.kernel.org>);
	Fri, 25 Aug 2017 16:46:27 -0400
Received: from mx0a-00082601.pphosted.com ([67.231.145.42]:43670 "EHLO
	mx0a-00082601.pphosted.com" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S932836AbdHYUq1 (ORCPT
	<rfc822;linux-block@vger.kernel.org>);
	Fri, 25 Aug 2017 16:46:27 -0400
Received: from pps.filterd (m0044010.ppops.net [127.0.0.1])
	by mx0a-00082601.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id
	v7PKigUe022393
	for <linux-block@vger.kernel.org>; Fri, 25 Aug 2017 13:46:26 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com;
	h=from : to : cc : subject
	: date : message-id : mime-version : content-type; s=facebook;
	bh=ZE94zPAwHXDsjc/rCDeMRczgjcTOw99SwqmG7DAZac8=;
	b=Me58F/jgLBSgYO3lVOINUSGT3pB82dEqqJZQzE1q+lfblv0coyV3kxe1ynv+4MvO2/vU
	cRDzF/vGIFpOK/6tXUcWLOEc7vKFx2qtEqQConbuc8D7nfLZZCewT0JSm9y7wA04weX3
	hGK9jeFVIoFvkZaKWZAv0gfipzE0FFSVf4Y=
Received: from mail.thefacebook.com ([199.201.64.23])
	by mx0a-00082601.pphosted.com with ESMTP id 2cjt8107rn-2
	(version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NOT)
	for <linux-block@vger.kernel.org>; Fri, 25 Aug 2017 13:46:26 -0700
Received: from PRN-CHUB02.TheFacebook.com (2620:10d:c081:35::11) by
	PRN-CHUB05.TheFacebook.com (2620:10d:c081:35::14) with Microsoft SMTP
	Server (TLS) id 14.3.319.2; Fri, 25 Aug 2017 13:46:26 -0700
Received: from mx-out.facebook.com (192.168.52.123) by
	PRN-CHUB02.TheFacebook.com (192.168.16.12) with Microsoft SMTP Server
	(TLS) id 14.3.319.2; Fri, 25 Aug 2017 13:46:24 -0700
Received: from facebook.com (2401:db00:21:603d:face:0:19:0)     by
	mx-out.facebook.com (10.103.99.99) with ESMTP  id
	76124fe889d611e7985e0002c9dfb610-1b189150 for
	<linux-block@vger.kernel.org>; Fri, 25 Aug 2017 13:46:25 -0700
Received: by devbig638.prn2.facebook.com (Postfix, from userid 11222)   id
	616294240899; Fri, 25 Aug 2017 13:46:25 -0700 (PDT)
Smtp-Origin-Hostprefix: devbig
From: Shaohua Li <shli@fb.com>
Smtp-Origin-Hostname: devbig638.prn2.facebook.com
To: <linux-block@vger.kernel.org>
CC: <dan.carpenter@oracle.com>, <axboe@kernel.dk>
Smtp-Origin-Cluster: prn2c22
Subject: [PATCH] block/nullb: fix NULL deference
Date: Fri, 25 Aug 2017 13:46:25 -0700
Message-ID: 
 <b70eb4a71a01a72a75f2f1efb1fadc4ef77fc7ff.1503693884.git.shli@fb.com>
X-Mailer: git-send-email 2.9.5
X-FB-Internal: Safe
MIME-Version: 1.0
X-Proofpoint-Spam-Reason: safe
X-FB-Internal: Safe
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, ,
	definitions=2017-08-25_06:, , signatures=0
Sender: linux-block-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-block.vger.kernel.org>
X-Mailing-List: linux-block@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Dan reported this:

The patch 2984c8684f96: "nullb: factor disk parameters" from Aug 14,
2017, leads to the following Smatch complaint:

drivers/block/null_blk.c:1759 null_init_tag_set()
	 error: we previously assumed 'nullb' could be null (see line
1750)

  1755		set->cmd_size	= sizeof(struct nullb_cmd);
  1756		set->flags = BLK_MQ_F_SHOULD_MERGE;
  1757		set->driver_data = NULL;
  1758
  1759		if (nullb->dev->blocking)
                    ^^^^^^^^^^^^^^^^^^^^
And an unchecked dereference.

nullb could be NULL here.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Shaohua Li <shli@fb.com>
---
 drivers/block/null_blk.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/block/null_blk.c b/drivers/block/null_blk.c
index 2032360..4d328e3 100644
--- a/drivers/block/null_blk.c
+++ b/drivers/block/null_blk.c
@@ -1756,7 +1756,7 @@ static int null_init_tag_set(struct nullb *nullb, struct blk_mq_tag_set *set)
 	set->flags = BLK_MQ_F_SHOULD_MERGE;
 	set->driver_data = NULL;
 
-	if (nullb->dev->blocking)
+	if ((nullb && nullb->dev->blocking) || g_blocking)
 		set->flags |= BLK_MQ_F_BLOCKING;
 
 	return blk_mq_alloc_tag_set(set);