rs->raid_type is assigned from get_raid_type_by_ll(), which may return
NULL. This NULL value could be dereferenced later in the condition
'if (!(rs_is_raid10(rs) && rt_is_raid0(rs->raid_type)))'.
Add a fail-fast check to return early with an error if raid_type is NULL,
similar to other uses of this function.
Found by Linux Verification Center (linuxtesting.org) with Svace.
Fixes: 33e53f06850f ("dm raid: introduce extended superblock and new raid types
to support takeover/reshaping")
Signed-off-by: Alexey Simakov <[email protected]>
---
drivers/md/dm-raid.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c
index c6f7129e43d3..4bacdc499984 100644
--- a/drivers/md/dm-raid.c
+++ b/drivers/md/dm-raid.c
@@ -2287,6 +2287,8 @@ static int super_init_validation(struct raid_set *rs,
struct md_rdev *rdev)
mddev->reshape_position =
le64_to_cpu(sb->reshape_position);
rs->raid_type = get_raid_type_by_ll(mddev->level,
mddev->layout);
+ if (!rs->raid_type)
+ return -EINVAL;
}
} else {
--
2.34.1
