Date: Wed, 5 Jun 2019 08:21:59 -0400
From: Mike Snitzer
To: Jiri Slaby
Cc: Gen Zhang, agk@redhat.com, dm-devel@redhat.com, linux-kernel@vger.kernel.org
Subject: Re: dm-region-hash: Fix a missing-check bug in __rh_alloc()

On Wed, Jun 05 2019 at 2:05am -0400, Jiri Slaby wrote:

> On 24. 05. 19, 5:12, Gen Zhang wrote:
> > In function __rh_alloc(), the pointer nreg is allocated a memory space
> > via kmalloc(). And it is used in the following codes. However, when
> > there is a memory allocation error, kmalloc() fails. Thus null pointer
> > dereference may happen. And it will cause the kernel to crash. Therefore,
> > we should check the return value and handle the error.
> > Further, in __rh_find(), we should also check the return value and
> > handle the error.
> >
> > Signed-off-by: Gen Zhang
> >
> > ---
> > diff --git a/drivers/md/dm-region-hash.c b/drivers/md/dm-region-hash.c > > index 1f76045..2fa1641 100644 > > --- a/drivers/md/dm-region-hash.c > > +++ b/drivers/md/dm-region-hash.c 
> > @@ -290,8 +290,11 @@ static struct dm_region *__rh_alloc(struct dm_region_hash *rh, region_t region) > > struct dm_region *reg, *nreg; > > > > nreg = mempool_alloc(&rh->region_pool, GFP_ATOMIC); > > - if (unlikely(!nreg)) > > + if (unlikely(!nreg)) { > > nreg = kmalloc(sizeof(*nreg), GFP_NOIO | __GFP_NOFAIL); > > + if (!nreg) > > + return NULL;
>
> What's the purpose of checking NO_FAIL allocations?

There isn't, that was already pointed out in a different thread for this same
patch (think patch was posted twice):
https://www.redhat.com/archives/dm-devel/2019-May/msg00124.html

Mike
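
Review bot: the `if (!nreg) return NULL;` added after the kmalloc() fallback in __rh_alloc() can never trigger, because that allocation passes GFP_NOIO | __GFP_NOFAIL and a __GFP_NOFAIL allocation retries instead of returning NULL. The mempool_alloc(..., GFP_ATOMIC) failure is already covered by the existing `unlikely(!nreg)` fallback, so the check and the braces it requires should be dropped. Keeping it would also give __rh_alloc() a NULL return that none of the visible lines show callers handling, adding an error path for a condition that cannot occur.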