Commit 2f6cfd6d authored by Alexey Simakov's avatar Alexey Simakov Committed by Mikulas Patocka
Browse files

dm-raid: fix possible NULL dereference with undefined raid type 



rs->raid_type is assigned from get_raid_type_by_ll(), which may return
NULL. This NULL value could be dereferenced later in the condition
'if (!(rs_is_raid10(rs) && rt_is_raid0(rs->raid_type)))'.

Add a fail-fast check to return early with an error if raid_type is NULL,
similar to other uses of this function.

Found by Linux Verification Center (linuxtesting.org) with Svace.

Fixes: 33e53f06 ("dm raid: introduce extended superblock and new raid types to support takeover/reshaping")
Signed-off-by: default avatarAlexey Simakov <bigalex934@gmail.com>
Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
parent 8581b19e

drivers/md/dm-raid.c

+2 −0
Original line number Diff line number Diff line
@@ -2287,6 +2287,8 @@ static int super_init_validation(struct raid_set *rs, struct md_rdev *rdev) 


			mddev->reshape_position = le64_to_cpu(sb->reshape_position);

			rs->raid_type = get_raid_type_by_ll(mddev->level, mddev->layout);

			if (!rs->raid_type)

				return -EINVAL;

		}



	} else {