From: Song Liu
Date: Thu, 7 Apr 2022 17:36:48 -0700
Subject: Re: [PATCH v2] md: fix an incorrect NULL check in sync_sbs
To: Xiaomeng Tong
Cc: rgoldwyn@suse.com, Guoqing Jiang, linux-raid, open list, stable@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Mar 28, 2022 at 1:11 AM Xiaomeng Tong wrote:
>
> The bug is here:
>         if (!rdev)
>
> The list iterator value 'rdev' will *always* be set and non-NULL
> by rdev_for_each(), so it is incorrect to assume that the iterator
> value will be NULL if the list is empty or no element found.
> Otherwise it will bypass the NULL check and lead to invalid memory
> access passing the check.
>
> To fix the bug, use a new variable 'iter' as the list iterator,
> while using the original variable 'pdev' as a dedicated pointer to

s/pdev/rdev/

> point to the found element.
>
> Cc: stable@vger.kernel.org
> Fixes: 2aa82191ac36c ("md-cluster: Perform a lazy update")

"Fixes" should use a hash of 12 characters (13 given here). Did
checkpatch.pl complain about it?

> Acked-by: Guoqing Jiang
> Signed-off-by: Xiaomeng Tong
> ---
>
> changes since v1:
>  - rephrase the subject (Guoqing Jiang)
>  - add Acked-by: for Guoqing Jiang
> v1:https://lore.kernel.org/lkml/20220327080002.11923-1-xiam0nd.tong@gmail.com/
>
> ---
>  drivers/md/md.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/md/md.c b/drivers/md/md.c > index 4d38bd7dadd6..7476fc204172 100644 > --- a/drivers/md/md.c > +++ b/drivers/md/md.c
> @@ -2629,14 +2629,16 @@ static void sync_sbs(struct mddev *mddev, int nospares) > > static bool does_sb_need_changing(struct mddev *mddev) > { > - struct md_rdev *rdev; > + struct md_rdev *rdev = NULL, *iter; > struct mdp_superblock_1 *sb; > int role; > > /* Find a good rdev */ > - rdev_for_each(rdev, mddev) > - if ((rdev->raid_disk >= 0) && !test_bit(Faulty, &rdev->flags)) > + rdev_for_each(iter, mddev) > + if ((iter->raid_disk >= 0) && !test_bit(Faulty, &iter->flags)) { > + rdev = iter; > break; > + } > > /* No good device found. */ > if (!rdev) > -- > 2.17.1 >
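
Review bot: the subject names the wrong function for this hunk: the changed declaration and loop sit in does_sb_need_changing(), and sync_sbs appears only as the function context in the @@ header, so the subject should read "md: fix an incorrect NULL check in does_sb_need_changing". The logic is sound as posted: rdev starts as NULL and is assigned only inside the matching branch, so the existing if (!rdev) test now fires when no non-faulty device with raid_disk >= 0 is found. A short comment above the loop saying that the iterator must not be used after rdev_for_each() would help keep later edits from reintroducing the pattern.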
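
The iterator behaviour the commit message describes, reproduced in userspace as an added example that is not part of the original thread or the kernel source. The list_head, container_of, list_for_each_entry and struct dev definitions here are simplified stand-ins (assumptions), and the sample list is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified userspace stand-ins for the kernel list helpers (assumed shapes). */
struct list_head { struct list_head *next, *prev; };
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))
#define list_for_each_entry(pos, head, member)                        \
    for (pos = container_of((head)->next, __typeof__(*pos), member);  \
         &pos->member != (head);                                      \
         pos = container_of(pos->member.next, __typeof__(*pos), member))

/* Hypothetical device record holding only the fields the check reads. */
struct dev { int raid_disk; bool faulty; struct list_head node; };

static void list_add_tail(struct list_head *n, struct list_head *head)
{
    n->prev = head->prev; n->next = head;
    head->prev->next = n; head->prev = n;
}

/* Buggy pattern: the loop iterator doubles as the search result. */
static struct dev *find_good_buggy(struct list_head *head)
{
    struct dev *rdev;
    list_for_each_entry(rdev, head, node)
        if (rdev->raid_disk >= 0 && !rdev->faulty)
            break;
    return rdev; /* no match: container_of(head), a bogus non-NULL pointer */
}

/* Fixed pattern: separate iterator, result assigned only on a match. */
static struct dev *find_good_fixed(struct list_head *head)
{
    struct dev *rdev = NULL, *iter;
    list_for_each_entry(iter, head, node)
        if (iter->raid_disk >= 0 && !iter->faulty) {
            rdev = iter;
            break;
        }
    return rdev;
}

int main(void)
{
    struct list_head head = { &head, &head };
    struct dev spare = { .raid_disk = -1 }; /* constructed: not a usable member */
    list_add_tail(&spare.node, &head);
    printf("buggy=%p fixed=%p\n", (void *)find_good_buggy(&head), (void *)find_good_fixed(&head));
    return 0;
}
```

When nothing matches, the buggy finder returns the list head reinterpreted as a struct dev, so a caller's NULL check passes and its next field access reads memory around the head.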