Message ID | 20220602154427.462852-1-vishal.l.verma@intel.com |
---|---|
State | New, archived |
Series | [ndctl] libcxl: fix a segfault when memdev->pmem is absent |
On Thu, Jun 02, 2022 at 09:44:27AM -0600, Vishal Verma wrote: > A CXL memdev may not have any persistent capacity, and in this case it > is possible that a 'pmem' object never gets instantiated. Such a > scenario would cause free_pmem () to dereference a NULL pointer and > segfault. > > Fix this by only proceeding in free_pmem() if 'pmem' was valid. > > Fixes: cd1aed6cefe8 ("libcxl: add representation for an nvdimm bridge object") > Reported-by: Steven Garcia <steven.garcia@intel.com> > Cc: Dan Williams <dan.j.williams@intel.com> > Signed-off-by: Vishal Verma <vishal.l.verma@intel.com> > --- Reviewed-by: Alison Schofield <alison.schofield@intel.com> > cxl/lib/libcxl.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/cxl/lib/libcxl.c b/cxl/lib/libcxl.c > index 1ad4a0b..2578a43 100644 > --- a/cxl/lib/libcxl.c > +++ b/cxl/lib/libcxl.c > @@ -50,9 +50,11 @@ struct cxl_ctx { > > static void free_pmem(struct cxl_pmem *pmem) > { > - free(pmem->dev_buf); > - free(pmem->dev_path); > - free(pmem); > + if (pmem) { > + free(pmem->dev_buf); > + free(pmem->dev_path); > + free(pmem); > + } > } > > static void free_memdev(struct cxl_memdev *memdev, struct list_head *head) > > base-commit: 4229f2694e8887a47c636a54130cff0d65f2e995 > -- > 2.36.1 > >
On Thu, 02 Jun 2022, Vishal Verma wrote:

>A CXL memdev may not have any persistent capacity, and in this case it
>is possible that a 'pmem' object never gets instantiated. Such a
>scenario would cause free_pmem () to dereference a NULL pointer and
>segfault.
>
>Fix this by only proceeding in free_pmem() if 'pmem' was valid.
>
>Fixes: cd1aed6cefe8 ("libcxl: add representation for an nvdimm bridge object")
>Reported-by: Steven Garcia <steven.garcia@intel.com>
>Cc: Dan Williams <dan.j.williams@intel.com>
>Signed-off-by: Vishal Verma <vishal.l.verma@intel.com>
>Reviewed-by: Alison Schofield <alison.schofield@intel.com>

Reviewed-by: Davidlohr Bueso <dave@stgolabs.net>
diff --git a/cxl/lib/libcxl.c b/cxl/lib/libcxl.c index 1ad4a0b..2578a43 100644 --- a/cxl/lib/libcxl.c +++ b/cxl/lib/libcxl.c @@ -50,9 +50,11 @@ struct cxl_ctx { static void free_pmem(struct cxl_pmem *pmem) { - free(pmem->dev_buf); - free(pmem->dev_path); - free(pmem); + if (pmem) { + free(pmem->dev_buf); + free(pmem->dev_path); + free(pmem); + } } static void free_memdev(struct cxl_memdev *memdev, struct list_head *head)
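Review bot: In free_pmem(), the new `if (pmem) { ... }` block re-indents all three free() calls only to skip them when the pointer is NULL; an early `if (!pmem) return;` at the top of the function would give the same behaviour as a one-line addition and leave the existing lines untouched. Only `pmem->dev_buf` and `pmem->dev_path` dereference the pointer (free(NULL) is already a no-op), so the guard is needed, and a short comment stating that free_pmem() accepts NULL would make that contract explicit for callers handling a memdev without persistent capacity.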
A CXL memdev may not have any persistent capacity, and in this case it
is possible that a 'pmem' object never gets instantiated. Such a
scenario would cause free_pmem () to dereference a NULL pointer and
segfault.

Fix this by only proceeding in free_pmem() if 'pmem' was valid.

Fixes: cd1aed6cefe8 ("libcxl: add representation for an nvdimm bridge object")
Reported-by: Steven Garcia <steven.garcia@intel.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Vishal Verma <vishal.l.verma@intel.com>

---
 cxl/lib/libcxl.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

base-commit: 4229f2694e8887a47c636a54130cff0d65f2e995