| From fc8738343eefc4ea8afb6122826dea48eacde514 Mon Sep 17 00:00:00 2001 |
| From: Xiaomeng Tong <xiam0nd.tong@gmail.com> |
| Date: Fri, 8 Apr 2022 16:37:28 +0800 |
| Subject: md: fix an incorrect NULL check in does_sb_need_changing |
| |
| From: Xiaomeng Tong <xiam0nd.tong@gmail.com> |
| |
| commit fc8738343eefc4ea8afb6122826dea48eacde514 upstream. |
| |
| The bug is here: |
| if (!rdev) |
| |
| The list iterator value 'rdev' will *always* be set and non-NULL |
| by rdev_for_each(), so it is incorrect to assume that the iterator |
| value will be NULL if the list is empty or no element found. |
| In that case the iterator value passes the NULL check, and the code |
| after the check makes an invalid memory access. |
| |
| To fix the bug, use a new variable 'iter' as the list iterator, |
| while using the original variable 'rdev' as a dedicated pointer to |
| point to the found element. |
| |
| Cc: stable@vger.kernel.org |
| Fixes: 2aa82191ac36 ("md-cluster: Perform a lazy update") |
| Acked-by: Guoqing Jiang <guoqing.jiang@linux.dev> |
| Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com> |
| Acked-by: Goldwyn Rodrigues <rgoldwyn@suse.com> |
| Signed-off-by: Song Liu <song@kernel.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| drivers/md/md.c | 8 +++++--- |
| 1 file changed, 5 insertions(+), 3 deletions(-) |
| |
| --- a/drivers/md/md.c |
| +++ b/drivers/md/md.c |
| @@ -2254,14 +2254,16 @@ static void sync_sbs(struct mddev *mddev |
| |
| static bool does_sb_need_changing(struct mddev *mddev) |
| { |
| - struct md_rdev *rdev; |
| + struct md_rdev *rdev = NULL, *iter; |
| struct mdp_superblock_1 *sb; |
| int role; |
| |
| /* Find a good rdev */ |
| - rdev_for_each(rdev, mddev) |
| - if ((rdev->raid_disk >= 0) && !test_bit(Faulty, &rdev->flags)) |
| + rdev_for_each(iter, mddev) |
| + if ((iter->raid_disk >= 0) && !test_bit(Faulty, &iter->flags)) { |
| + rdev = iter; |
| break; |
| + } |
| |
| /* No good device found. */ |
| if (!rdev) |
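Review bot: The `/* Find a good rdev */` comment above the loop does not record the invariant this fix depends on: `rdev` must stay NULL unless the loop body assigns it, because the `rdev_for_each()` cursor is never NULL once the loop has run to completion. I would extend it to `/* Find a good rdev; rdev stays NULL if none qualifies (the list cursor is never NULL after the loop) */` so that a later cleanup does not fold `iter` back into `rdev`. As a style point, the loop body now spans several lines, so kernel coding style would also put braces around the `rdev_for_each(iter, mddev)` body. The body of does_sb_need_changing continues past the end of the hunk, so the later uses of `rdev` are not visible here.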