Date: Tue, 25 Apr 2017 09:06:02 +0200
From: Lars Ellenberg <lars.ellenberg@linbit.com>
To: Heloise <os@iscas.ac.cn>
Cc: philipp.reisner@linbit.com, drbd-dev@lists.linbit.com,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH] drivers:block:drbd:drbd_state:fix null-pointer
 dereference
Message-ID: <20170425070602.GA3987@soda.linbit>
Mail-Followup-To: Heloise <os@iscas.ac.cn>, philipp.reisner@linbit.com,
        drbd-dev@lists.linbit.com, linux-kernel@vger.kernel.org
References: <1493102118-8086-1-git-send-email-os@iscas.ac.cn>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1493102118-8086-1-git-send-email-os@iscas.ac.cn>
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1062
Lines: 31

On Mon, Apr 24, 2017 at 11:35:18PM -0700, Heloise wrote:
> Signed-off-by: Heloise <os@iscas.ac.cn>
> 
> In is_valid_state(), there is NULL validation for the variable nc
> "if (nc)". However,the code will continue to execute when nc is NULL.
> nc->verify_alg[0] is used in subsequent code, which may cause
> null-pointer dereference, fix it.
> ---
>  drivers/block/drbd/drbd_state.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/block/drbd/drbd_state.c b/drivers/block/drbd/drbd_state.c
> index eea0c4a..1963b83 100644
> --- a/drivers/block/drbd/drbd_state.c
> +++ b/drivers/block/drbd/drbd_state.c
> @@ -845,7 +845,7 @@ is_valid_state(struct drbd_device *device, union drbd_state ns)
>  		rv = SS_CONNECTED_OUTDATES;
>  
>  	else if ((ns.conn == C_VERIFY_S || ns.conn == C_VERIFY_T) &&
> -		 (nc->verify_alg[0] == 0))
> +		 (nc != NULL && nc->verify_alg[0] == 0))


What the static checker cannot know:
ns.conn != C_STANDALONE implies nc != NULL.

But if you feel like it, the additional check won't hurt.

Thanks,

    Lars