• Mikulas Patocka's avatar
    dm zoned: fix invalid memory access · dc9118fe
    Mikulas Patocka authored
    [ Upstream commit 0c8e9c2d ]
    
    Commit 75d66ffb ("dm zoned: properly
    handle backing device failure") triggers a coverity warning:
    
    *** CID 1452808:  Memory - illegal accesses  (USE_AFTER_FREE)
    /drivers/md/dm-zoned-target.c: 137 in dmz_submit_bio()
    131             clone->bi_private = bioctx;
    132
    133             bio_advance(bio, clone->bi_iter.bi_size);
    134
    135             refcount_inc(&bioctx->ref);
    136             generic_make_request(clone);
    >>>     CID 1452808:  Memory - illegal accesses  (USE_AFTER_FREE)
    >>>     Dereferencing freed pointer "clone".
    137             if (clone->bi_status == BLK_STS_IOERR)
    138                     return -EIO;
    139
    140             if (bio_op(bio) == REQ_OP_WRITE && dmz_is_seq(zone))
    141                     zone->wp_block += nr_blocks;
    142
    
    The "clone" bio may be processed and freed before the check
    "clone->bi_status == BLK_STS_IOERR" - so this check can access invalid
    memory.
    
    Fixes: 75d66ffb ("dm zoned: properly handle backing device failure")
    Cc: stable@vger.kernel.org
    Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
    Reviewed-by: default avatarDamien Le Moal <damien.lemoal@wdc.com>
    Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
    Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
    dc9118fe
dm-zoned-target.c 23.2 KB