| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAD-N9QXY57RvFwGQvh8U7WBc3JCX-0kpqB6+fZ=oJJtHmFdUwg@mail.gmail.com>
Date: Fri, 27 May 2022 13:51:42 +0800
From: Dongliang Mu <mudongliangabcd@...il.com>
To: jejb@...ux.ibm.com, martin.petersen@...cle.com,
linux-scsi@...r.kernel.org,
linux-kernel <linux-kernel@...r.kernel.org>
Subject: Null Pointer Dereference in sd_zbc_release_disk
Hi maintainers,
I found a NPD(Null Pointer Dereference) in sd_zbc_release_disk function.
There are two definitions of sd_zbc_release_disk:
#ifdef CONFIG_BLK_DEV_ZONED
void sd_zbc_release_disk(struct scsi_disk *sdkp);
#else /* CONFIG_BLK_DEV_ZONED */
static inline void sd_zbc_release_disk(struct scsi_disk *sdkp) {}
#endif
When CONFIG_BLK_DEV_ZONED=y, the function implementation is as follows:
void sd_zbc_release_disk(struct scsi_disk *sdkp)
{
if (sd_is_zoned(sdkp))
sd_zbc_clear_zone_info(sdkp);
}
static inline int sd_is_zoned(struct scsi_disk *sdkp)
{
return sdkp->zoned == 1 || sdkp->device->type == TYPE_ZBC;
}
In drivers/scsi/sd.c, sd_probe() allocates sdkp with kzalloc(). If
errors occurred before the assignment "sdkp->device", after the
allocation, it will triggers a NPD in sd_is_zoned.
I am not familiar with kernel configuration. Does anyone have a
suggestion to fix this NPD?
I really appreciate any help you can provide.
--
My best regards to you.
No System Is Safe!
Dongliang Mu
Powered by blists - more mailing lists