[RHEL7,COMMIT] ploop: possible NULL pointer dereference in ploop_thaw

Submitted by Konstantin Khorenko on June 1, 2020, 10:30 a.m.

Details

Message ID 202006011030.051AUC2v024553@finist-ce7.sw.ru
State New
Series "Series without cover letter"

Commit Message

Konstantin Khorenko June 1, 2020, 10:30 a.m.
The commit is pushed to "branch-rh7-3.10.0-1127.8.2.vz7.151.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1127.8.2.vz7.151.9
------>
commit d7b30a8486097ae97dfaf04aec1a6928a6b514b3
Author: Konstantin Khorenko <khorenko@virtuozzo.com>
Date:   Mon Jun 1 13:27:21 2020 +0300

    ploop: possible NULL pointer dereference in ploop_thaw
    
    From: Vasily Averin <vvs@virtuozzo.com>
    
    found by smatch:
    drivers/block/ploop/dev.c:5334 ploop_thaw() error:
     we previously assumed 'bdev' could be null (see line 5318)
    
    Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
    Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
    Reviewed-by: Konstantin Khorenko <khorenko@virtuozzo.com>
---
 drivers/block/ploop/dev.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Patch

diff --git a/drivers/block/ploop/dev.c b/drivers/block/ploop/dev.c
index da124fa50250b..9f0a60d63720d 100644
--- a/drivers/block/ploop/dev.c
+++ b/drivers/block/ploop/dev.c
@@ -5315,7 +5315,7 @@  static int ploop_freeze(struct ploop_device *plo, struct block_device *bdev)
 static int ploop_thaw(struct ploop_device *plo)
 {
 	struct block_device *bdev = plo->frozen_bdev;
-	struct super_block *sb = bdev ? bdev->bd_super : NULL;
+	struct super_block *sb;
 	int err;
 
 	if (!test_bit(PLOOP_S_RUNNING, &plo->state))
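
Review bot: with the initializer dropped from the declaration at the top of ploop_thaw(), 'sb' is uninitialized until the assignment added after the freeze_state checks, so any use of sb on the paths in between would now read an indeterminate value where it used to hold bd_super or NULL. The visible context shows only the test_bit(PLOOP_S_RUNNING, ...) check there; please confirm that the lines elided between the two hunks do not touch sb, or keep 'struct super_block *sb = NULL;' so those paths behave as before.
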
@@ -5327,6 +5327,10 @@  static int ploop_thaw(struct ploop_device *plo)
 	if (plo->freeze_state == PLOOP_F_THAWING)
 		return -EBUSY;
 
+	if (!bdev)
+		return -EINVAL;
+	sb = bdev->bd_super;
+
 	plo->frozen_bdev = NULL;
 	plo->freeze_state = PLOOP_F_THAWING;
 
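
Review bot: the new 'if (!bdev) return -EINVAL;' sits after the PLOOP_F_THAWING check, and the commit message only quotes the smatch warning without saying which freeze state can reach this point with plo->frozen_bdev == NULL. If that combination means the device state is inconsistent rather than that the caller passed a bad request, a WARN_ON_ONCE(!bdev) or a one-line comment above the check would document it, and the commit message should say why -EINVAL was chosen. Note also that this early return leaves plo->freeze_state unchanged, which looks intended but is worth stating.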

Comments

Konstantin Khorenko June 1, 2020, 10:31 a.m.
Please disregard, I have not committed it yet.

On 06/01/2020 01:30 PM, Konstantin Khorenko wrote:
> The commit is pushed to "branch-rh7-3.10.0-1127.8.2.vz7.151.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
> after rh7-3.10.0-1127.8.2.vz7.151.9
> ------>
> commit d7b30a8486097ae97dfaf04aec1a6928a6b514b3
> Author: Konstantin Khorenko <khorenko@virtuozzo.com>
> Date:   Mon Jun 1 13:27:21 2020 +0300
>
>     ploop: possible NULL pointer dereference in ploop_thaw
>
>     From: Vasily Averin <vvs@virtuozzo.com>
>
>     found by smatch:
>     drivers/block/ploop/dev.c:5334 ploop_thaw() error:
>      we previously assumed 'bdev' could be null (see line 5318)
>
>     Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
>     Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
>     Reviewed-by: Konstantin Khorenko <khorenko@virtuozzo.com>
> ---
>  drivers/block/ploop/dev.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/block/ploop/dev.c b/drivers/block/ploop/dev.c
> index da124fa50250b..9f0a60d63720d 100644
> --- a/drivers/block/ploop/dev.c
> +++ b/drivers/block/ploop/dev.c
> @@ -5315,7 +5315,7 @@ static int ploop_freeze(struct ploop_device *plo, struct block_device *bdev)
>  static int ploop_thaw(struct ploop_device *plo)
>  {
>  	struct block_device *bdev = plo->frozen_bdev;
> -	struct super_block *sb = bdev ? bdev->bd_super : NULL;
> +	struct super_block *sb;
>  	int err;
>
>  	if (!test_bit(PLOOP_S_RUNNING, &plo->state))
> @@ -5327,6 +5327,10 @@ static int ploop_thaw(struct ploop_device *plo)
>  	if (plo->freeze_state == PLOOP_F_THAWING)
>  		return -EBUSY;
>
> +	if (!bdev)
> +		return -EINVAL;
> +	sb = bdev->bd_super;
> +
>  	plo->frozen_bdev = NULL;
>  	plo->freeze_state = PLOOP_F_THAWING;
>
> .
>