[RH7,3/4] ploop: possible NULL pointer dereference in ploop_thaw

Submitted by Vasily Averin on May 31, 2020, 1:23 p.m.

Details

Message ID 6c505481-a58f-740e-3808-bec86f14a8ff@virtuozzo.com
State New
Series "Series without cover letter"

Commit Message

Vasily Averin May 31, 2020, 1:23 p.m.
found by smatch:
drivers/block/ploop/dev.c:5334 ploop_thaw() error:
 we previously assumed 'bdev' could be null (see line 5318)

Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
---
 drivers/block/ploop/dev.c | 3 +++
 1 file changed, 3 insertions(+)

Patch

diff --git a/drivers/block/ploop/dev.c b/drivers/block/ploop/dev.c
index da124fa..ca94bf5 100644
--- a/drivers/block/ploop/dev.c
+++ b/drivers/block/ploop/dev.c
@@ -5327,6 +5327,9 @@  static int ploop_thaw(struct ploop_device *plo)
 	if (plo->freeze_state == PLOOP_F_THAWING)
 		return -EBUSY;
 
+	if (!bdev)
+		return -EINVAL;
+
 	plo->frozen_bdev = NULL;
 	plo->freeze_state = PLOOP_F_THAWING;
 

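Review bot: On the added `if (!bdev) return -EINVAL;`, the early return exits before `plo->frozen_bdev = NULL` and `plo->freeze_state = PLOOP_F_THAWING` are executed, so the device keeps whatever freeze_state it had, and nothing here says whether that is the intended outcome. The commit message only quotes the smatch warning; please state when bdev can actually be NULL at this point and why -EINVAL is the right error, either there or in a one-line comment above the check. Note also that the check is placed after the PLOOP_F_THAWING test, so -EBUSY takes precedence over -EINVAL when both conditions hold; if that ordering matters to callers, it deserves a mention.
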
Comments

Kirill Tkhai June 1, 2020, 8:23 a.m.
On 31.05.2020 16:23, Vasily Averin wrote:
> found by smatch:
> drivers/block/ploop/dev.c:5334 ploop_thaw() error:
>  we previously assumed 'bdev' could be null (see line 5318)
> 
> Signed-off-by: Vasily Averin <vvs@virtuozzo.com>

Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>

> ---
>  drivers/block/ploop/dev.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/block/ploop/dev.c b/drivers/block/ploop/dev.c
> index da124fa..ca94bf5 100644
> --- a/drivers/block/ploop/dev.c
> +++ b/drivers/block/ploop/dev.c
> @@ -5327,6 +5327,9 @@ static int ploop_thaw(struct ploop_device *plo)
>  	if (plo->freeze_state == PLOOP_F_THAWING)
>  		return -EBUSY;
>  
> +	if (!bdev)
> +		return -EINVAL;
> +
>  	plo->frozen_bdev = NULL;
>  	plo->freeze_state = PLOOP_F_THAWING;
>  
>
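
Review bot: The new `if (!bdev)` test is a second NULL check on the same pointer: the smatch report points at an earlier one on line 5318, which lies outside this hunk's context. Please explain in the commit message how the two relate, or handle the NULL case where it is first detected if that branch can return, so a later reader does not have to work out why bdev is tested twice in ploop_thaw().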