dm: fix null pointer dereference in dev_create()
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I62762 CVE: NA -------------------------------- A crash as follows: BUG: KASAN: null-ptr-deref in dev_create.cold+0x12/0x77 Read of size 8 at addr 0000000000000020 by task dmsetup/683 CPU: 4 PID: 683 Comm: dmsetup Not tainted 5.10.0-01524-g884de6e91114-dirty #11 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014 Call Trace: ? dump_stack+0xdd/0x126 ? kasan_report.cold+0xd1/0xdb ? dev_create.cold+0x12/0x77 ? __asan_load8+0xae/0x110 ? dev_create.cold+0x12/0x77 ? dev_rename+0x720/0x720 ? cap_capable+0xcf/0x130 ? ctl_ioctl+0x2f5/0x750 ? dev_rename+0x720/0x720 ? free_params+0x50/0x50 ? unmerge_queues+0x176/0x1b0 ? __blkcg_punt_bio_submit+0x110/0x110 ? mem_cgroup_handle_over_high+0x33/0x5e0 ? dm_ctl_ioctl+0x12/0x20 ? __se_sys_ioctl+0xc5/0x120 ? __x64_sys_ioctl+0x46/0x60 ? do_syscall_64+0x45/0x70 ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 This can be easily reproduced using: dmsetup create xxx --table "0 1000 linear /dev/sda 0" dmsetup remove xxx Fix this by adding hass_lock in dev_create(). Fixes: a5100d07 ("dm ioctl: add DMINFO() to track dm device create/remove") Signed-off-by:Luo Meng <luomeng12@huawei.com> Reviewed-by:
Loading
Please sign in to comment