From: Damien Le Moal <dlemoal@kernel.org>
Date: Thu, 13 Nov 2025 13:40:27 +0000 (+0900)
Subject: block: fix NULL pointer dereference in disk_report_zones()
X-Git-Tag: v6.19-rc1~168^2~51
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=881880b6f3079c79e4306630dcb8d05bc7de1793;p=thirdparty%2Fkernel%2Flinux.git

block: fix NULL pointer dereference in disk_report_zones()

Commit 2284eec5053d ("block: introduce blkdev_get_zone_info()")
introduced the report_active field in struct blk_report_zones_args so
that open and closed zones can be reported with the condition
BLK_ZONE_COND_ACTIVE in the case of a cached report zone.
However, the args pointer to a struct blk_report_zones_args that is
passed to disk_report_zones() can be NULL, e.g. in the case of internal
report zones operations for device mapper zoned targets.

Fix disk_report_zones() to make sure to check that the args is not null
before updating a zone condition for cached zone reports.

Fixes: 2284eec5053d ("block: introduce blkdev_get_zone_info()")
Reported-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
---

diff --git a/block/blk-zoned.c b/block/blk-zoned.c
index 98c26af01e240..dcc295721c2c0 100644
--- a/block/blk-zoned.c
+++ b/block/blk-zoned.c
@@ -854,7 +854,7 @@ static unsigned int disk_zone_wplug_sync_wp_offset(struct gendisk *disk,
 int disk_report_zone(struct gendisk *disk, struct blk_zone *zone,
 		     unsigned int idx, struct blk_report_zones_args *args)
 {
-	if (args->report_active) {
+	if (args && args->report_active) {
 		/*
 		 * If we come here, then this is a report zones as a fallback
 		 * for a cached report. So collapse the implicit open, explicit