OK, accepted.
Mikulas
On Tue, 2 Dec 2025, Alexey Simakov wrote:
> rs->raid_type is assigned from get_raid_type_by_ll(), which may return
> NULL. This NULL value could be dereferenced later in the condition
> 'if (!(rs_is_raid10(rs) && rt_is_raid0(rs->raid_type)))'.
>
> Add a fail-fast check to return early with an error if raid_type is NULL,
> similar to other uses of this function.
>
> Found by Linux Verification Center (linuxtesting.org) with Svace.
>
> Fixes: 33e53f06850f ("dm raid: introduce extended superblock and new raid
> types to support takeover/reshaping")
> Signed-off-by: Alexey Simakov <[email protected]>
> ---
> drivers/md/dm-raid.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c
> index c6f7129e43d3..4bacdc499984 100644
> --- a/drivers/md/dm-raid.c
> +++ b/drivers/md/dm-raid.c
> @@ -2287,6 +2287,8 @@ static int super_init_validation(struct raid_set *rs,
> struct md_rdev *rdev)
>
> mddev->reshape_position =
> le64_to_cpu(sb->reshape_position);
> rs->raid_type = get_raid_type_by_ll(mddev->level,
> mddev->layout);
> + if (!rs->raid_type)
> + return -EINVAL;
> }
>
> } else {
> --
> 2.34.1
>
