[1/2] scsi: sd: Fix potential NULL pointer dereference

Message ID	20220530014341.115427-2-damien.lemoal@opensource.wdc.com (mailing list archive)
State	Superseded
Headers	show Return-Path: <linux-scsi-owner@kernel.org> IronPort-SDR: IAfL1XAX5sDxRwYf522cRThFEEAkGYzvBAXjTbuWAY24PiUizVg+KAySsRotalYiYxNeH31T6G uAaYXfZRJ+/+GNEEjZ+Mh61d4flJaJ/OORsCJx6WrpSwI8kV/zpq17M8dtfrHpgKYYy9P+0Skk 4vSjiqGKr/xX/mVZZNW1a5bSrlcCNR2OcoDxyHvYMVruqCWRHmcvrKo0TSFgbF3nM4zr6HtHZS fFo/NnXXnJ3z3cqZO2p0MOR+TWyfI4DavStifrNDTmQmpngTKSPcYgsc18oHrUaN7A7PxpV7n8 ogVAkWeGy3l/qTJhnDtBrDUe IronPort-SDR: ScTCqxg9fw58gk0Zk1N0qkHQgS1qTOIj8hwksWsNEsNFjp/Lp0N/FMDIlB9uWkZ1GuKdRJ+bOn akUJvrw4M22nd7aszegUWFHzJS2Scl3n4wCjifHWJXk3rk3q5XhfQeKqW2o3j9Mqn2kOBvPuxG NRDv/gQz8yrqDdSvrJY2K1kghwK6bqXTddf1/EP3h+d/cBhmTa8xH3UuT0xOoXHmu474kSj1ZI xKNVgnl/9idOykgq+nuoxfHX0wo16Kjw0/LZhQb8kgaBfz2HjI+R4ynGwYJE2jNz64hh2v4Ybu Tcc= WDCIronportException: Internal From: Damien Le Moal <damien.lemoal@opensource.wdc.com> To: linux-scsi@vger.kernel.org, "Martin K . Petersen" <martin.petersen@oracle.com> Cc: Dongliang Mu <mudongliangabcd@gmail.com> Subject: [PATCH 1/2] scsi: sd: Fix potential NULL pointer dereference Date: Mon, 30 May 2022 10:43:40 +0900 Message-Id: <20220530014341.115427-2-damien.lemoal@opensource.wdc.com> In-Reply-To: <20220530014341.115427-1-damien.lemoal@opensource.wdc.com> References: <20220530014341.115427-1-damien.lemoal@opensource.wdc.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk
Series	sd_zbc fixes \| expand [0/2] sd_zbc fixes [1/2] scsi: sd: Fix potential NULL pointer dereference [2/2] scsi: sd_zbc: prevent zone information memory leak

Message ID

20220530014341.115427-2-damien.lemoal@opensource.wdc.com (mailing list archive)

State

Superseded

Headers

IronPort-SDR: 
 IAfL1XAX5sDxRwYf522cRThFEEAkGYzvBAXjTbuWAY24PiUizVg+KAySsRotalYiYxNeH31T6G
 uAaYXfZRJ+/+GNEEjZ+Mh61d4flJaJ/OORsCJx6WrpSwI8kV/zpq17M8dtfrHpgKYYy9P+0Skk
 4vSjiqGKr/xX/mVZZNW1a5bSrlcCNR2OcoDxyHvYMVruqCWRHmcvrKo0TSFgbF3nM4zr6HtHZS
 fFo/NnXXnJ3z3cqZO2p0MOR+TWyfI4DavStifrNDTmQmpngTKSPcYgsc18oHrUaN7A7PxpV7n8
 ogVAkWeGy3l/qTJhnDtBrDUe
IronPort-SDR: 
 ScTCqxg9fw58gk0Zk1N0qkHQgS1qTOIj8hwksWsNEsNFjp/Lp0N/FMDIlB9uWkZ1GuKdRJ+bOn
 akUJvrw4M22nd7aszegUWFHzJS2Scl3n4wCjifHWJXk3rk3q5XhfQeKqW2o3j9Mqn2kOBvPuxG
 NRDv/gQz8yrqDdSvrJY2K1kghwK6bqXTddf1/EP3h+d/cBhmTa8xH3UuT0xOoXHmu474kSj1ZI
 xKNVgnl/9idOykgq+nuoxfHX0wo16Kjw0/LZhQb8kgaBfz2HjI+R4ynGwYJE2jNz64hh2v4Ybu
 Tcc=
WDCIronportException: Internal
From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
To: linux-scsi@vger.kernel.org,
        "Martin K . Petersen" <martin.petersen@oracle.com>
Cc: Dongliang Mu <mudongliangabcd@gmail.com>
Subject: [PATCH 1/2] scsi: sd: Fix potential NULL pointer dereference
Date: Mon, 30 May 2022 10:43:40 +0900
Message-Id: <20220530014341.115427-2-damien.lemoal@opensource.wdc.com>
In-Reply-To: <20220530014341.115427-1-damien.lemoal@opensource.wdc.com>
References: <20220530014341.115427-1-damien.lemoal@opensource.wdc.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Precedence: bulk

Series

sd_zbc fixes | expand

Commit Message

Damien Le Moal May 30, 2022, 1:43 a.m. UTC

If sd_probe() sees an error before sdkp->device is initialized,
sd_zbc_release_disk() is called, which causes a NULL pointer dereference
when sd_is_zoned() is called. Avoid this by also testing if a scsi disk
device pointer is set in sd_is_zoned().

Reported-by: Dongliang Mu <mudongliangabcd@gmail.com>
Fixes: 89d947561077 ("sd: Implement support for ZBC device")
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
---
 drivers/scsi/sd.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Dongliang Mu May 30, 2022, 2:25 a.m. UTC | #1

On Mon, May 30, 2022 at 9:43 AM Damien Le Moal
<damien.lemoal@opensource.wdc.com> wrote:
>
> If sd_probe() sees an error before sdkp->device is initialized,
> sd_zbc_release_disk() is called, which causes a NULL pointer dereference
> when sd_is_zoned() is called. Avoid this by also testing if a scsi disk
> device pointer is set in sd_is_zoned().
>
> Reported-by: Dongliang Mu <mudongliangabcd@gmail.com>
> Fixes: 89d947561077 ("sd: Implement support for ZBC device")
> Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
> ---
>  drivers/scsi/sd.h | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/sd.h b/drivers/scsi/sd.h
> index 2abad54fd23f..b90b96e8834e 100644
> --- a/drivers/scsi/sd.h
> +++ b/drivers/scsi/sd.h
> @@ -236,7 +236,8 @@ static inline void sd_dif_config_host(struct scsi_disk *disk)
>
>  static inline int sd_is_zoned(struct scsi_disk *sdkp)
>  {
> -       return sdkp->zoned == 1 || sdkp->device->type == TYPE_ZBC;
> +       return sdkp->zoned == 1 ||
> +               (sdkp->device && sdkp->device->type == TYPE_ZBC);
>  }
>

Tested-by: Dongliang Mu <mudongliangabcd@gmail.com>


>  #ifdef CONFIG_BLK_DEV_ZONED
> --
> 2.36.1
>

Johannes Thumshirn May 30, 2022, 7:44 a.m. UTC | #2

Looks good,
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>

diff --git a/drivers/scsi/sd.h b/drivers/scsi/sd.h
index 2abad54fd23f..b90b96e8834e 100644
--- a/drivers/scsi/sd.h
+++ b/drivers/scsi/sd.h
@@ -236,7 +236,8 @@  static inline void sd_dif_config_host(struct scsi_disk *disk)
 
 static inline int sd_is_zoned(struct scsi_disk *sdkp)
 {
-	return sdkp->zoned == 1 || sdkp->device->type == TYPE_ZBC;
+	return sdkp->zoned == 1 ||
+		(sdkp->device && sdkp->device->type == TYPE_ZBC);
 }
 
 #ifdef CONFIG_BLK_DEV_ZONED

[1/2] scsi: sd: Fix potential NULL pointer dereference

Commit Message

Comments

Patch