lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20251021-rnbd_fix-v1-1-71559ee26e2b@gmail.com>
Date: Tue, 21 Oct 2025 11:51:42 +0530
From: Ranganath V N <vnranganath.20@...il.com>
To: "Md. Haris Iqbal" <haris.iqbal@...os.com>, 
 Jack Wang <jinpu.wang@...os.com>, Jens Axboe <axboe@...nel.dk>
Cc: linux-block@...r.kernel.org, linux-kernel@...r.kernel.org, 
 skhan@...uxfoundation.org, david.hunter.linux@...il.com, khalid@...nel.org, 
 linux-kernel-mentees@...ts.linuxfoundation.org, 
 Ranganath V N <vnranganath.20@...il.com>
Subject: [PATCH] drivers: block: rnbd: Handle generic ERR_PTR returns
 safely in find_and_get_or_create_sess()

Fix the issue detected by the smatch tool.
drivers/block/rnbd/rnbd-clt.c:1241 find_and_get_or_create_sess()
error: 'sess' dereferencing possible ERR_PTR()

find_and_get_or_create_sess() only checks for ERR_PTR(-ENOMEM) after
calling find_or_create_sess(). In other encoded failures, the code
may dereference the error pointer when accessing sess->nr_poll_queues,
resulting ina kernel oops.

By preserving the existing -ENOMEM behaviour and log unexpected
errors to assist in debugging. This change eliminates a potential
invalid pointer dereference without altering the function's logic
or intenet.

Tested by compiling using smatch tool.

Signed-off-by: Ranganath V N <vnranganath.20@...il.com>
---
 drivers/block/rnbd/rnbd-clt.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/drivers/block/rnbd/rnbd-clt.c b/drivers/block/rnbd/rnbd-clt.c
index f1409e54010a..57ca694210b9 100644
--- a/drivers/block/rnbd/rnbd-clt.c
+++ b/drivers/block/rnbd/rnbd-clt.c
@@ -1236,9 +1236,14 @@ find_and_get_or_create_sess(const char *sessname,
 	struct rtrs_clt_ops rtrs_ops;
 
 	sess = find_or_create_sess(sessname, &first);
-	if (sess == ERR_PTR(-ENOMEM)) {
-		return ERR_PTR(-ENOMEM);
-	} else if ((nr_poll_queues && !first) ||  (!nr_poll_queues && sess->nr_poll_queues)) {
+	if (IS_ERR(sess)) {
+		err = PTR_ERR(sess);
+		if (err != -ENOMEM)
+			pr_warn("rndb: find_or_create_sess(%s) failed with %d\n",
+				sessname, err);
+		return ERR_PTR(err);
+	}
+	if ((nr_poll_queues && !first) ||  (!nr_poll_queues && sess->nr_poll_queues)) {
 		/*
 		 * A device MUST have its own session to use the polling-mode.
 		 * It must fail to map new device with the same session.

---
base-commit: 211ddde0823f1442e4ad052a2f30f050145ccada
change-id: 20251021-rnbd_fix-9b478fb52403

Best regards,
-- 
Ranganath V N <vnranganath.20@...il.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ