Null Pointer Dereference in sd_zbc_release_disk

From: Dongliang Mu
Date: Fri May 27 2022 - 01:52:16 EST

Next message: Fangrui Song: "[PATCH] perf: Fix segbase for ld.lld linked objects"
Previous message: Paul Bone: "Re: Scheduling for heterogeneous computers"
Next in thread: Damien Le Moal: "Re: Null Pointer Dereference in sd_zbc_release_disk"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi maintainers,

I found a NPD(Null Pointer Dereference) in sd_zbc_release_disk function.

There are two definitions of sd_zbc_release_disk:

#ifdef CONFIG_BLK_DEV_ZONED
void sd_zbc_release_disk(struct scsi_disk *sdkp);
#else /* CONFIG_BLK_DEV_ZONED */
static inline void sd_zbc_release_disk(struct scsi_disk *sdkp) {}
#endif

When CONFIG_BLK_DEV_ZONED=y, the function implementation is as follows:

void sd_zbc_release_disk(struct scsi_disk *sdkp)
{
if (sd_is_zoned(sdkp))
sd_zbc_clear_zone_info(sdkp);
}

static inline int sd_is_zoned(struct scsi_disk *sdkp)
{
return sdkp->zoned == 1 || sdkp->device->type == TYPE_ZBC;
}

In drivers/scsi/sd.c, sd_probe() allocates sdkp with kzalloc(). If
errors occurred before the assignment "sdkp->device", after the
allocation, it will triggers a NPD in sd_is_zoned.

I am not familiar with kernel configuration. Does anyone have a
suggestion to fix this NPD?

I really appreciate any help you can provide.
--
My best regards to you.

No System Is Safe!
Dongliang Mu

Next message: Fangrui Song: "[PATCH] perf: Fix segbase for ld.lld linked objects"
Previous message: Paul Bone: "Re: Scheduling for heterogeneous computers"
Next in thread: Damien Le Moal: "Re: Null Pointer Dereference in sd_zbc_release_disk"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]