Re: dm snap : add sanity checks to snapshot_ctr

From: Mike Snitzer
Date: Mon Jan 04 2021 - 15:29:26 EST

Next message: Rob Herring: "Re: [PATCH 06/11] dts: bindings: Document device tree bindings for ETE"
Previous message: Ricardo Rivera-Matos: "[PATCH v8 1/2] dt-bindings: power: Add the bq256xx dt bindings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Dec 25 2020 at 1:48am -0500,
Defang Bo <bodefang@xxxxxxx> wrote:

> Similar to commit<70de2cbd>,there should be a check for argc and argv to prevent Null pointer dereferencing
> when the dm_get_device invoked twice on the same device path with differnt mode.
>
> Signed-off-by: Defang Bo <bodefang@xxxxxxx>
> ---
> drivers/md/dm-snap.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c
> index 4668b2c..dccce8b 100644
> --- a/drivers/md/dm-snap.c
> +++ b/drivers/md/dm-snap.c
> @@ -1258,6 +1258,13 @@ static int snapshot_ctr(struct dm_target *ti, unsigned int argc, char **argv)
>
> as.argc = argc;
> as.argv = argv;
> +
> + if (!strcmp(argv[0], argv[1])) {
> + ti->error = "Error setting metadata or data device";
> + r = -EINVAL;
> + goto bad;
> + }
> +
> dm_consume_args(&as, 4);
> r = parse_snapshot_features(&as, s, ti);
> if (r)
> --
> 2.7.4
>

We already have this later in snapshot_ctr:

if (cow_dev && cow_dev == origin_dev) {
ti->error = "COW device cannot be the same as origin device";
r = -EINVAL;
goto bad_cow;
}

Which happens before the 2nd dm_get_device() for the cow device. So
I'm not seeing how you could experience the NULL pointer you say is
possible.

Mike

Next message: Rob Herring: "Re: [PATCH 06/11] dts: bindings: Document device tree bindings for ETE"
Previous message: Ricardo Rivera-Matos: "[PATCH v8 1/2] dt-bindings: power: Add the bq256xx dt bindings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]