blob: 3d136797bd442b8d513403213b3672576ba9d7d0 [file] [log] [blame]
From de647a8246a3067f5b026ab1346a93d7e5bbcec4 Mon Sep 17 00:00:00 2001
From: Dan Carpenter <>
Date: Tue, 4 Aug 2020 13:16:45 +0300
Subject: [PATCH] md-cluster: Fix potential error pointer dereference in
commit e8abe1de43dac658dacbd04a4543e0c988a8d386 upstream.
The error handling calls md_bitmap_free(bitmap) which checks for NULL
but will Oops if we pass an error pointer. Let's set "bitmap" to NULL
on this error path.
Fixes: afd756286083 ("md-cluster/raid10: resize all the bitmaps before start reshape")
Signed-off-by: Dan Carpenter <>
Reviewed-by: Guoqing Jiang <>
Signed-off-by: Song Liu <>
Signed-off-by: Paul Gortmaker <>
diff --git a/drivers/md/md-cluster.c b/drivers/md/md-cluster.c
index 73fd50e77975..d50737ec4039 100644
--- a/drivers/md/md-cluster.c
+++ b/drivers/md/md-cluster.c
@@ -1139,6 +1139,7 @@ static int resize_bitmaps(struct mddev *mddev, sector_t newsize, sector_t oldsiz
bitmap = get_bitmap_from_slot(mddev, i);
if (IS_ERR(bitmap)) {
pr_err("can't get bitmap from slot %d\n", i);
+ bitmap = NULL;
goto out;
counts = &bitmap->counts;