blk_bs() may return NULL, which will be dereferenced without a check in bdrv_commit().
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Dmitry Frolov <fro...@swemel.ru>
---
 block/monitor/block-hmp-cmds.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
index c729cbf1eb..ade627bc27 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -221,7 +221,13 @@ void hmp_commit(Monitor *mon, const QDict *qdict)
 return;
 }
- bs = bdrv_skip_implicit_filters(blk_bs(blk));
+ bs = blk_bs(blk);
+ if (!bs) {
+ error_report("Device '%s' is invalid", device);
+ return;
+ }
+
+ bs = bdrv_skip_implicit_filters(bs);
 aio_context = bdrv_get_aio_context(bs);
 aio_context_acquire(aio_context);
-- 
2.34.1
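Review bot: The message in the new `if (!bs)` branch, "Device '%s' is invalid", misstates the condition it reports. The backend lookup has already succeeded at this point, and as far as I know blk_bs() returns NULL when the backend has no root node attached (for example an empty removable drive), so the name is valid and the device simply has nothing to commit. I would word it as `error_report("Device '%s' has no medium", device);` so an operator reading the monitor output can tell an empty drive from a mistyped device name. The body of hmp_commit() continues past the end of the hunk; if it already tests for an unavailable or empty backend further down, hoisting that test above the blk_bs() call would leave a single check and a single message instead of two overlapping ones.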