Hi, 在 2024/05/27 12:34, Damien Le Moal 写道:
When powering on a null_blk device that is not already on, the return value ret that is initialized to be count is reused to check the return value of null_add_dev(), leading to nullb_device_power_store() to return null_add_dev() return value (0 on success) instead of "count". So make sure to set ret to be equal to count when there are no errors.
Yes, thanks for the patch! And the reason test did't find this problem is that the "echo" cmd will write again to the configfs entry, and nullb_device_power_store() will found the allocated nullb_device. Reviewed-by: Yu Kuai <yukuai3@xxxxxxxxxx>
Fixes: a2db328b0839 ("null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'") Signed-off-by: Damien Le Moal <dlemoal@xxxxxxxxxx> --- drivers/block/null_blk/main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/block/null_blk/main.c b/drivers/block/null_blk/main.c index eb023d267369..631dca2e4e84 100644 --- a/drivers/block/null_blk/main.c +++ b/drivers/block/null_blk/main.c @@ -494,6 +494,7 @@ static ssize_t nullb_device_power_store(struct config_item *item,set_bit(NULLB_DEV_FL_CONFIGURED, &dev->flags);dev->power = newp; + ret = count; } else if (dev->power && !newp) { if (test_and_clear_bit(NULLB_DEV_FL_UP, &dev->flags)) { dev->power = newp;
