On 6/1/2021 12:53 AM, Song Liu wrote:
On Thu, May 27, 2021 at 11:16 PM Xiao Ni <xni@xxxxxxxxxx> wrote:
Now we support sharing one big page when PAGE_SIZE is not equal to 4096.
4096 bytes is the default stripe size. To support this it adds a
page offset array in raid5_percpu's scribble. It passes the page
offset array to async_xor_offs. But there are some users that don't
use the page offset array. In raid5-ppl.c, async_xor passes NULL to
async_xor_offs. So it needs to check whether src_offs is NULL or not.
Fixes: ceaf2966ab08(async_xor: increase src_offs when dropping destination page)
Reported-by: Oleksandr Shchirskyi <oleksandr.shchirskyi@xxxxxxxxxxxxxxx>
Signed-off-by: Xiao Ni <xni@xxxxxxxxxx>
Oleksandr,
Could you please verify this fixes the issue, and reply with your Tested-by?
Thanks,
Song
I can confirm that this patch fixes a NULL pointer dereference issue for me.
Thanks for the fix!
Tested-by: Oleksandr Shchirskyi <oleksandr.shchirskyi@xxxxxxxxx>
---
crypto/async_tx/async_xor.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/crypto/async_tx/async_xor.c b/crypto/async_tx/async_xor.c
index 6cd7f70..d8a9152 100644
--- a/crypto/async_tx/async_xor.c
+++ b/crypto/async_tx/async_xor.c
@@ -233,7 +233,8 @@ async_xor_offs(struct page *dest, unsigned int offset,
if (submit->flags & ASYNC_TX_XOR_DROP_DST) {
src_cnt--;
src_list++;
- src_offs++;
+ if (src_offs)
+ src_offs++;
}
/* wait for any prerequisite operations */
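Review bot: the new "if (src_offs)" guard in the ASYNC_TX_XOR_DROP_DST branch makes a NULL src_offs a supported input, but nothing at this site says so. A one-line comment above the guard stating that src_offs may be NULL (the commit message names async_xor as a caller that passes NULL) would keep the check from being removed as redundant later. The rest of async_xor_offs is not visible in this hunk, so please also confirm that every other use of src_offs in the function tolerates NULL; the old unguarded "src_offs++" would have turned NULL into a non-NULL invalid pointer, which any later NULL test would not catch.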
--
2.7.5
Regards,
Oleksandr Shchirskyi