Re: [PATCH] md-cluster: Fix potential error pointer dereference in resize_bitmaps()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 8/4/20 12:16 PM, Dan Carpenter wrote:
The error handling calls md_bitmap_free(bitmap) which checks for NULL
but will Oops if we pass an error pointer.  Let's set "bitmap" to NULL
on this error path.

Fixes: afd756286083 ("md-cluster/raid10: resize all the bitmaps before start reshape")
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
---
  drivers/md/md-cluster.c | 1 +
  1 file changed, 1 insertion(+)

diff --git a/drivers/md/md-cluster.c b/drivers/md/md-cluster.c
index 73fd50e77975..d50737ec4039 100644
--- a/drivers/md/md-cluster.c
+++ b/drivers/md/md-cluster.c
@@ -1139,6 +1139,7 @@ static int resize_bitmaps(struct mddev *mddev, sector_t newsize, sector_t oldsiz
  		bitmap = get_bitmap_from_slot(mddev, i);
  		if (IS_ERR(bitmap)) {
  			pr_err("can't get bitmap from slot %d\n", i);
+			bitmap = NULL;
  			goto out;
  		}
  		counts = &bitmap->counts;

Thanks for the catch, Reviewed-by: Guoqing Jiang <guoqing.jiang@xxxxxxxxxxxxxxx>

BTW, seems there could be memory leak in the function since it keeps allocate bitmap
in the loop ..., will send a format patch.


diff --git a/drivers/md/md-cluster.c b/drivers/md/md-cluster.c
index 73fd50e77975..89d7b32489d8 100644
--- a/drivers/md/md-cluster.c
+++ b/drivers/md/md-cluster.c
@@ -1165,6 +1165,8 @@ static int resize_bitmaps(struct mddev *mddev, sector_t newsize, sector_t oldsiz
                         * can't resize bitmap
                         */
                        goto out;
+
+               md_bitmap_free(bitmap);
        }

        return 0;

Thanks,
Guoqing



[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux