Re: [PATCH] md/raid10: fix null ptr dereference in raid10_size()

From: Song Liu
Date: Thu Oct 17 2024 - 18:26:22 EST


On Tue, Oct 8, 2024 at 6:51 PM Yu Kuai <yukuai1@xxxxxxxxxxxxxxx> wrote:
>
> From: Yu Kuai <yukuai3@xxxxxxxxxx>
>
> In raid10_run() if raid10_set_queue_limits() succeed, the return value
> is set to zero, and if following procedures failed raid10_run() will
> return zero while mddev->private is still NULL, causing null ptr
> dereference in raid10_size().
>
> Fix the problem by only overwrite the return value if
> raid10_set_queue_limits() failed.
>
> Fixes: 3d8466ba68d4 ("md/raid10: use the atomic queue limit update APIs")
> Reported-and-tested-by: ValdikSS <iam@xxxxxxxxxxxxxxx>
> Closes: https://lore.kernel.org/all/0dd96820-fe52-4841-bc58-dbf14d6bfcc8@xxxxxxxxxxxxxxx/
> Signed-off-by: Yu Kuai <yukuai3@xxxxxxxxxx>

Applied to md-6.12.

Thanks for the fix!
Song