[lvc-project] [PATCH] drbd: Fix potential NULL pointer dereference in _drbd_set_state()

Ваторопин Андрей a.vatoropin at crpt.ru
Thu Jun 25 08:03:06 MSK 2026


From: Andrey Vatoropin <a.vatoropin at crpt.ru>

The connection pointer receives a value in the _drbd_set_state()
function, including through a call to the first_peer_device() function.
This function returns a pointer to a list element. If the list is empty, it
returns a NULL pointer, which is later assigned to the connection
pointer. Subsequently, this pointer will be dereferenced.

Add a NULL check for the connection pointer to avoid dereferencing an
invalid pointer.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
       
Fixes: a6b32bc3cebd ("drbd: Introduce "peer_device" object between "device" and "connection"")
Cc: stable at vger.kernel.org
Signed-off-by: Andrey Vatoropin <a.vatoropin at crpt.ru>
---
 drivers/block/drbd/drbd_state.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/block/drbd/drbd_state.c b/drivers/block/drbd/drbd_state.c
index adcba7f1d8ea..ea982d48017e 100644
--- a/drivers/block/drbd/drbd_state.c
+++ b/drivers/block/drbd/drbd_state.c
@@ -1281,6 +1281,11 @@ _drbd_set_state(struct drbd_device *device, union drbd_state ns,
 	if (rv < SS_SUCCESS)
 		return rv;
 
+	if (!connection) {
+		drbd_err(device, "No connection to peer, aborting!\n");
+		return SS_ALREADY_STANDALONE;
+	}
+
 	if (!(flags & CS_HARD)) {
 		/*  pre-state-change checks ; only look at ns  */
 		/* See drbd_state_sw_errors in drbd_strings.c */
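
Review bot: the new !connection check is placed above the "if (!(flags & CS_HARD))" block, so it also rejects hard state changes, which the next lines show are otherwise exempt from the pre-state-change checks. If a forced transition must still go through when there is no peer device, the check belongs next to the code that actually dereferences connection, not in front of everything that follows. The hunk does not show that dereference, so the commit message should name the line(s) where connection is used, to let a reader confirm the check covers them and nothing earlier. The return value also needs a justification: SS_ALREADY_STANDALONE reports a connection-state condition to the caller, while the logged text is "No connection to peer, aborting!", so either add a short comment explaining why this code is the right answer for a missing peer device or choose a return value that matches the message. Finally, drbd_err() fires on every call that reaches this point. If the empty-list case can occur in normal operation, consider a lower log level or a rate-limited message.
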
-- 
2.43.0

