Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp3220558ybi;
        Sun, 26 May 2019 17:54:55 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwpw1eUl/ePacmXx2qTe1Tmd7e5czL+86/G8fb5RPp4k30EFOKD+85yAkCYMsh1bEzGC/Pf
X-Received: by 2002:a62:2cc2:: with SMTP id s185mr92819922pfs.106.1558918495089;
        Sun, 26 May 2019 17:54:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1558918495; cv=none;
        d=google.com; s=arc-20160816;
        b=JCpl7AuZ7e61tjwX6yIzga3g699NTdt/ync7ajtktMVl87gqwp8wnN1g4b8cmhmWGH
         4YBDRJkoku50A2M+RSKfBkpjBfyLsTr3Ri8d824EJpDNyNX3qdargp6cZ8C/+MLCsLu6
         Ett7lXJJ82aptZZYt3XkN9ySIHwaJlYY09IkYDKnPJsMJPPJBa6Qs8+IWuAWiHM+osyN
         nCR2ngHhZP2pIZOysrMNu5lvgFQvK1hjgQP8lnHgTKgrqyawTCDXUCqZINNSMNQZg/Yr
         JZs8y7fY38tXbwsQEQpazTws4q2WOEXvTLfP4D26Ucc+excSux80ViW3D4MtP5kaluNV
         83Cw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:content-disposition
         :mime-version:message-id:subject:cc:to:from:date:dkim-signature;
        bh=uVUGPkKOm4c0zQwgwv2vysCn0/MC1yfp3I0q+dsnZwI=;
        b=h1S01a2V9ToPcDSc/xN9mbsM44q3j2y7vvKohnlcKJ6n7fLC+77/63lg4DE74Z0ADQ
         KvcvwyfGndBivR0Q/tx5M+XDjZjQEGBGEOIT80jQvkDG4aaIhKgz3+vNhGux8TKoSgg6
         d4KQ/FaKLc2UA7q7whWvTRGARMOxQU4FT0epswVaz2a86vVjtTGqVglhJPjJtzPOco6N
         1FrZAtb48+m+u+6rqTHk2aD2Dk242Lb+IzJafKoLkZjczQxJ5SoTjW/ZK2eX0CbLscQl
         YIyr+DGHNwwPWHME+ZFC/cxyOFvyvaUDnfl7VxWzB2SKBOsAmf8C9/r0uG7144B2T8eC
         JxAQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=C15dORW1;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id a13si3795112pgl.508.2019.05.26.17.54.27;
        Sun, 26 May 2019 17:54:55 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=C15dORW1;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726063AbfE0Aup (ORCPT <rfc822;lunatang2017@gmail.com>
        + 99 others); Sun, 26 May 2019 20:50:45 -0400
Received: from mail-pg1-f195.google.com ([209.85.215.195]:34025 "EHLO
        mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725846AbfE0Aup (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 26 May 2019 20:50:45 -0400
Received: by mail-pg1-f195.google.com with SMTP id h2so5034069pgg.1
        for <linux-kernel@vger.kernel.org>; Sun, 26 May 2019 17:50:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=date:from:to:cc:subject:message-id:mime-version:content-disposition
         :user-agent;
        bh=uVUGPkKOm4c0zQwgwv2vysCn0/MC1yfp3I0q+dsnZwI=;
        b=C15dORW1EPCALRsmlfoMQo0CT92qaJrPU+p74DaxQuW1CToHewJ8mh9CxUrA4SiLsM
         JeK/6NQNNgWwAioV+nRlxRVyLJd9E0jPI56z5J6UqMhJwqqJQXoJZzuIgSVnp3LaV9BR
         EQL8TFpOhBCHx1kEkZG47rV0CnBmpQEPqCNzNeD0sWEwqZP9inL8CQZ5Z7nVEuKr77RJ
         kR4uNcEcs/i4+pkcECytsjUjgS8WKkEnlWYpV9KIHXvOoRmSNf6UgjxL3a91fM/TOF9Q
         VCvjUuzO32b79Watq+saR6qexEzzfbA4Zcsa22fgf7kYIzQwc6o0XySjI4Uhrcrno4DH
         DCPQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version
         :content-disposition:user-agent;
        bh=uVUGPkKOm4c0zQwgwv2vysCn0/MC1yfp3I0q+dsnZwI=;
        b=Do4fpbkzEQwScieUchzqgBAbYiLTVawOA3tzQaewsfZvPJPn65a+SwSTFIgnk74P3z
         jxnx/KJqL8By3JV6RmumHKlq95mIKS+VIe5pJQM02neGs+zi3JlWLDq0PXBqiY+WtIkK
         qP7J3iHbWYPWLXaGM25ERWVSEp3Ymg8NERN7kc5G/XLnf4s7IfDL5+Whbj+efigMZNSF
         E7ff9YGWajgf4eB39AviLXzzQmyXZ1elzwaBZjUnux3C7NgpObKCY/DY71pXXGkukVWK
         IFmvRn1pQW+TcK+O09aj6Oc1HgxQTcJy0otRGfZN2JoBeWycPh6bPgLoLRJ321CtYqV2
         2vfA==
X-Gm-Message-State: APjAAAVEnRL4NTsYcGV9kz7doi1ZDikvMCVzqiJ/QIMTvu5G8n+DtDQ8
        Zj1DVm0QeKua8hhqMn92YAWrisY6
X-Received: by 2002:a63:950d:: with SMTP id p13mr123027116pgd.269.1558918244895;
        Sun, 26 May 2019 17:50:44 -0700 (PDT)
Received: from zhanggen-UX430UQ ([66.42.35.75])
        by smtp.gmail.com with ESMTPSA id g8sm7685137pgq.33.2019.05.26.17.50.42
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 26 May 2019 17:50:44 -0700 (PDT)
Date:   Mon, 27 May 2019 08:50:34 +0800
From:   Gen Zhang <blackgod016574@gmail.com>
To:     agk@redhat.com, snitzer@redhat.com
Cc:     dm-devel@redhat.com, linux-kernel@vger.kernel.org
Subject: [PATCH] dm-region-hash: fix a missing-check bug in __rh_alloc()
Message-ID: <20190527005034.GA16907@zhanggen-UX430UQ>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

In function __rh_alloc(), the pointer nreg is allocated a memory space
via kmalloc(). And it is used in the following codes. However, when 
there is a memory allocation error, kmalloc() fails. Thus null pointer
dereference may happen. And it will cause the kernel to crash. Therefore,
we should check the return value and handle the error.
Further, in __rh_find(), we should also check the return value and
handle the error.

Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
---
diff --git a/drivers/md/dm-region-hash.c b/drivers/md/dm-region-hash.c
index 1f76045..2fa1641 100644
--- a/drivers/md/dm-region-hash.c
+++ b/drivers/md/dm-region-hash.c
@@ -290,8 +290,11 @@ static struct dm_region *__rh_alloc(struct dm_region_hash *rh, region_t region)
 	struct dm_region *reg, *nreg;
 
 	nreg = mempool_alloc(&rh->region_pool, GFP_ATOMIC);
-	if (unlikely(!nreg))
+	if (unlikely(!nreg)) {
 		nreg = kmalloc(sizeof(*nreg), GFP_NOIO | __GFP_NOFAIL);
+		if (!nreg)
+			return NULL;
+	}
 
 	nreg->state = rh->log->type->in_sync(rh->log, region, 1) ?
 		      DM_RH_CLEAN : DM_RH_NOSYNC;
@@ -329,6 +332,8 @@ static struct dm_region *__rh_find(struct dm_region_hash *rh, region_t region)
 	if (!reg) {
 		read_unlock(&rh->hash_lock);
 		reg = __rh_alloc(rh, region);
+		if (!reg)
+			return NULL;
 		read_lock(&rh->hash_lock);
 	}
 
---