From: Shaohua Li Date: Fri, 25 Aug 2017 20:46:25 +0000 (-0700) Subject: block/nullb: fix NULL dereference X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=0d06a42f794bec6061e170fa9468d878051bc8b1;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git block/nullb: fix NULL dereference Dan reported this: The patch 2984c8684f96: "nullb: factor disk parameters" from Aug 14, 2017, leads to the following Smatch complaint: drivers/block/null_blk.c:1759 null_init_tag_set() error: we previously assumed 'nullb' could be null (see line 1750) 1755 set->cmd_size = sizeof(struct nullb_cmd); 1756 set->flags = BLK_MQ_F_SHOULD_MERGE; 1757 set->driver_data = NULL; 1758 1759 if (nullb->dev->blocking) ^^^^^^^^^^^^^^^^^^^^ And an unchecked dereference. nullb could be NULL here. Reported-by: Dan Carpenter Signed-off-by: Shaohua Li Signed-off-by: Jens Axboe --- diff --git a/drivers/block/null_blk.c b/drivers/block/null_blk.c index 70b17db8c21f..647213525549 100644 --- a/drivers/block/null_blk.c +++ b/drivers/block/null_blk.c @@ -1756,7 +1756,7 @@ static int null_init_tag_set(struct nullb *nullb, struct blk_mq_tag_set *set) set->flags = BLK_MQ_F_SHOULD_MERGE; set->driver_data = NULL; - if (nullb->dev->blocking) + if ((nullb && nullb->dev->blocking) || g_blocking) set->flags |= BLK_MQ_F_BLOCKING; return blk_mq_alloc_tag_set(set);