Re: [PATCH] md: bcache: check the return value of kzalloc() in detached_dev_do_request()

[Jia-Ju Bai]

On 2022/3/2 18:11, Coly Li wrote:
> On 2/25/22 4:20 PM, Jia-Ju Bai wrote:
> > The function kzalloc() in detached_dev_do_request() can fail, so its
> > return value should be checked.
> >
> > Fixes: bc082a55d25c (bcache: fix inaccurate io state for detached 
> > bcache devices)
> > Reported-by: TOTE Robot <oslab@xxxxxxxxxxxxxxx>
> > Signed-off-by: Jia-Ju Bai <baijiaju1990@xxxxxxxxx>
> > ---
> >   drivers/md/bcache/request.c | 2 ++
> >   1 file changed, 2 insertions(+)
> >
> > diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c
> > index d15aae6c51c1..1b5ccfa93b8c 100644
> > --- a/drivers/md/bcache/request.c
> > +++ b/drivers/md/bcache/request.c
> > @@ -1107,6 +1107,8 @@ static void detached_dev_do_request(struct 
> > bcache_device *d, struct bio *bio,
> >        * which would call closure_get(&dc->disk.cl)
> >        */
> >       ddip = kzalloc(sizeof(struct detached_dev_io_private), GFP_NOIO);
>
> Yes this is a potential problem, may result NULL pointer deference.
>
>
> > +    if (!ddip)
> > +        return;
>
> The fix here is incorrect. A proper way to fix might be something like 
> this,
>
>     if (!ddip) {
>
>         bio->bi_status = BLK_STS_RESOURCE;
>
>         bio->bi_end_io(bio);
>
>         return;
>
>     }
>
>
> The orignal patch will make I/O task be in sleep forever.
>
> >       ddip->d = d;
> >       /* Count on the bcache device */
> >       ddip->orig_bdev = orig_bdev;

Hi Coly,

Thanks for the advice!
I will send a V2 patch.


Best wishes,
Jia-Ju Bai