From: Xiaomeng Tong
To: song@kernel.org
Cc: guoqing.jiang@linux.dev, linux-kernel@vger.kernel.org, linux-raid@vger.kernel.org, rgoldwyn@suse.com, stable@vger.kernel.org, xiam0nd.tong@gmail.com
Subject: Re: [PATCH] md: fix an incorrect NULL check in md_reload_sb
Date: Fri, 8 Apr 2022 16:47:40 +0800
Message-Id: <20220408084740.26153-1-xiam0nd.tong@gmail.com>

On Thu, 7 Apr 2022 17:37:55 -0700, Song Liu wrote:
> On Mon, Mar 28, 2022 at 1:06 AM Xiaomeng Tong wrote:
> >
> > The bug is here:
> >         if (!rdev || rdev->desc_nr != nr) {
> >
> > The list iterator value 'rdev' will *always* be set and non-NULL
> > by rdev_for_each_rcu(), so it is incorrect to assume that the
> > iterator value will be NULL if the list is empty or no element
> > found (In fact, it will be a bogus pointer to an invalid struct
> > object containing the HEAD). Otherwise it will bypass the check
> > and lead to invalid memory access passing the check.
> >
> > To fix the bug, use a new variable 'iter' as the list iterator,
> > while using the original variable 'pdev' as a dedicated pointer to
> > point to the found element.
> >
> > Cc: stable@vger.kernel.org
> > Fixes: 70bcecdb1534 ("amd-cluster: Improve md_reload_sb to be less error prone")
>
> s/amd-cluster/md-cluster/

Have fixed it in PATCH v3, please check it. Thank you.

--
Xiaomeng Tong
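
The iterator behaviour described in the quoted commit message, shown as an added user-space example; it is not code from the mail or from the kernel patch. The list macros are simplified stand-ins for the kernel's, and `demo_rdev`, `demo_mddev`, `demo_add`, `find_buggy` and `find_fixed` are hypothetical names. On a miss the pre-fix lookup returns a non-NULL pointer computed from the list head, so a `!rdev` test cannot catch it; the fixed form returns NULL.

```c
#include <stddef.h>
#include <stdio.h>
/* User-space stand-ins for the kernel list helpers (constructed for this example). */
struct list_head { struct list_head *next, *prev; };
#define container_of(ptr, type, member) ((type *)((char *)(ptr) - offsetof(type, member)))
#define list_for_each_entry(pos, head, member) \
	for (pos = container_of((head)->next, __typeof__(*pos), member); &pos->member != (head); \
	     pos = container_of(pos->member.next, __typeof__(*pos), member))

/* Hypothetical cut-down analogues of md_rdev and mddev; 'pad' stands for earlier mddev fields. */
struct demo_rdev { int desc_nr; struct list_head same_set; };
struct demo_mddev { char pad[64]; struct list_head disks; };

static void demo_add(struct demo_mddev *m, struct demo_rdev *r, int nr)
{
	r->desc_nr = nr;
	r->same_set.next = &m->disks;
	r->same_set.prev = m->disks.prev;
	m->disks.prev->next = &r->same_set;
	m->disks.prev = &r->same_set;
}

/* Pre-fix pattern: the iterator doubles as the result, so it is never NULL. */
static struct demo_rdev *find_buggy(struct demo_mddev *m, int nr)
{
	struct demo_rdev *rdev;
	list_for_each_entry(rdev, &m->disks, same_set)
		if (rdev->desc_nr == nr)
			break;
	return rdev; /* on a miss: container_of(&m->disks, ...), not a real rdev */
}

/* Fixed pattern: 'iter' walks the list, 'rdev' is set only on a match. */
static struct demo_rdev *find_fixed(struct demo_mddev *m, int nr)
{
	struct demo_rdev *rdev = NULL, *iter;
	list_for_each_entry(iter, &m->disks, same_set)
		if (iter->desc_nr == nr) { rdev = iter; break; }
	return rdev;
}

int main(void)
{
	struct demo_mddev m = { .disks = { &m.disks, &m.disks } };
	struct demo_rdev r;
	demo_add(&m, &r, 3);
	printf("lookup 7: buggy=%p fixed=%p\n", (void *)find_buggy(&m, 7), (void *)find_fixed(&m, 7));
	return 0;
}
```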