From patchwork Thu Mar 10 11:39:13 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sudip Mukherjee X-Patchwork-Id: 8556261 X-Patchwork-Delegate: axboe@kernel.dk Return-Path: X-Original-To: patchwork-linux-block@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id A5D269F38C for ; Thu, 10 Mar 2016 11:39:27 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id C52182034C for ; Thu, 10 Mar 2016 11:39:26 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id F24AF2034B for ; Thu, 10 Mar 2016 11:39:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752567AbcCJLjZ (ORCPT ); Thu, 10 Mar 2016 06:39:25 -0500 Received: from mail-pf0-f171.google.com ([209.85.192.171]:34396 "EHLO mail-pf0-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752164AbcCJLjY (ORCPT ); Thu, 10 Mar 2016 06:39:24 -0500 Received: by mail-pf0-f171.google.com with SMTP id 129so67024512pfw.1; Thu, 10 Mar 2016 03:39:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id; bh=2LbvmF2IvX+GEHGTkrbBhb1L+pShpZKkJEQFsp30W0Y=; b=KtOpsTtOzVBFL6kZ+3ZXL7MGrdw6uaXANmEqkcLvGbvOtsTmzdVtqeXyiUyk0VrkDe GtMEj9XQtNnMAGGFvi5+dcYWr0d1PK63Hr8+b3az8zU7vC5faV6mE7sg6JRdpMzXo3Fy ajAG5JpeshmGCgy9FHMn/3M1OZArKB2qqqyhBggTHDwybDlhFqvH+k/wbkw0GToXZIB2 1wHIrmA6+IOk0d0u0F7o4Q6tILDSqO9zmLNwG+oaghUf6CBqC6Oxtzf7iX6jb46LewHZ vgu425Er9g3d2qN2NROuRYaDINnubz7PCSLNPjuRga/u7WQJ9ceHDBubDCbLUJ5Axkq6 W14g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=2LbvmF2IvX+GEHGTkrbBhb1L+pShpZKkJEQFsp30W0Y=; b=h1E6pzEDg6v5HAqjoUBm9zEaeoEzG1z+ZsVAJZtNJpg0t2kmYsZmHcV8LsXO+LMzYU QuFpULtDhbkets5YOB2bRGETu44C7L/k5LSqkGIvzFSyF9JGFmzfhqi1RdW0prXFDYbr D4RlJhEPM2sqVqcO716LrSl+9b4XpAfk01wn/K8bRZH3pDZfP/RGa/m/v17d/qcFOcOS Qq+Xo1haXlaIB6Q+zvaq3UbKYbxFdi+e+tQDVGPimbIYKWkCZESywXOe6ElD7u5sqkO8 nIg+T5xmEyf631t9uebwKx3GIXQLC4Xmu03NOgF6KzPZ6emP9XQ20r1G2VLMp9CduYlB xwog== X-Gm-Message-State: AD7BkJLbt34d13dEUz+WShi/6zyXu8Py1sIiwn/bQwwoO7AxRUYVpu6K5Jxsr15Ac+hTmQ== X-Received: by 10.98.8.196 with SMTP id 65mr4141659pfi.53.1457609963907; Thu, 10 Mar 2016 03:39:23 -0800 (PST) Received: from localhost.localdomain ([103.24.124.195]) by smtp.gmail.com with ESMTPSA id r65sm5079590pfa.27.2016.03.10.03.39.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 10 Mar 2016 03:39:22 -0800 (PST) From: Sudip Mukherjee To: Jens Axboe , Jens Axboe Cc: linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, Sudip Mukherjee Subject: [PATCH] block: fix possible NULL dereference Date: Thu, 10 Mar 2016 17:09:13 +0530 Message-Id: <1457609953-24101-1-git-send-email-sudipm.mukherjee@gmail.com> X-Mailer: git-send-email 1.9.1 Sender: linux-block-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-block@vger.kernel.org X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP We were checking for iter to be NULL after dereferencing it. Lets first check it and then use it. Signed-off-by: Sudip Mukherjee Reviewed-by: Johannes Thumshirn --- block/blk-map.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/block/blk-map.c b/block/blk-map.c index a54f054..089ed59 100644 --- a/block/blk-map.c +++ b/block/blk-map.c @@ -126,7 +126,7 @@ int blk_rq_map_user_iov(struct request_queue *q, struct request *rq, const struct iov_iter *iter, gfp_t gfp_mask) { struct iovec iov, prv = {.iov_base = NULL, .iov_len = 0}; - bool copy = (q->dma_pad_mask & iter->count) || map_data; + bool copy; struct bio *bio = NULL; struct iov_iter i; int ret; @@ -134,6 +134,7 @@ int blk_rq_map_user_iov(struct request_queue *q, struct request *rq, if (!iter || !iter->count) return -EINVAL; + copy = (q->dma_pad_mask & iter->count) || map_data; iov_for_each(iov, i, *iter) { unsigned long uaddr = (unsigned long) iov.iov_base;