From 3edc53421683761e88bb871c6a4e5b268379211d Mon Sep 17 00:00:00 2001
From: Krzysztof Karas <krzysztof.karas@intel.com>
Date: Tue, 11 Apr 2023 14:26:46 +0200
Subject: [PATCH] vhost_blk: make sure to_blk_dev() return value is not NULL

Assert that return pointer of to_blk_dev() is not NULL,
before dereferencing it.

Change-Id: I15adeac0926f23f84fdb3af88fc15ac07c580d91
Signed-off-by: Krzysztof Karas <krzysztof.karas@intel.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/17536
Reviewed-by: Shuhei Matsumoto <smatsumoto@nvidia.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Konrad Sztyber <konrad.sztyber@intel.com>
---
 lib/vhost/vhost_blk.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/lib/vhost/vhost_blk.c b/lib/vhost/vhost_blk.c
index 50898643b..b42154679 100644
--- a/lib/vhost/vhost_blk.c
+++ b/lib/vhost/vhost_blk.c
@@ -464,6 +464,8 @@ virtio_blk_process_request(struct spdk_vhost_dev *vdev, struct spdk_io_channel *
 	uint16_t iovcnt;
 	int rc;
 
+	assert(bvdev != NULL);
+
 	task->cb = cb;
 	task->cb_arg = cb_arg;
 
@@ -1233,6 +1235,8 @@ bdev_event_cb(enum spdk_bdev_event_type type, struct spdk_bdev *bdev,
 	struct spdk_vhost_dev *vdev = (struct spdk_vhost_dev *)event_ctx;
 	struct spdk_vhost_blk_dev *bvdev = to_blk_dev(vdev);
 
+	assert(bvdev != NULL);
+
 	SPDK_DEBUGLOG(vhost_blk, "Bdev event: type %d, name %s\n",
 		      type,
 		      bdev->name);
@@ -1545,6 +1549,8 @@ vhost_blk_set_coalescing(struct spdk_vhost_dev *vdev, uint32_t delay_base_us,
 {
 	struct spdk_vhost_blk_dev *bvdev = to_blk_dev(vdev);
 
+	assert(bvdev != NULL);
+
 	return bvdev->ops->set_coalescing(vdev, delay_base_us, iops_threshold);
 }
 
@@ -1554,6 +1560,8 @@ vhost_blk_get_coalescing(struct spdk_vhost_dev *vdev, uint32_t *delay_base_us,
 {
 	struct spdk_vhost_blk_dev *bvdev = to_blk_dev(vdev);
 
+	assert(bvdev != NULL);
+
 	bvdev->ops->get_coalescing(vdev, delay_base_us, iops_threshold);
 }
 
@@ -1582,6 +1590,8 @@ virtio_blk_construct_ctrlr(struct spdk_vhost_dev *vdev, const char *address,
 {
 	struct spdk_vhost_blk_dev *bvdev = to_blk_dev(vdev);
 
+	assert(bvdev != NULL);
+
 	return bvdev->ops->create_ctrlr(vdev, cpumask, address, params, (void *)user_backend);
 }
 
@@ -1671,6 +1681,8 @@ virtio_blk_destroy_ctrlr(struct spdk_vhost_dev *vdev)
 {
 	struct spdk_vhost_blk_dev *bvdev = to_blk_dev(vdev);
 
+	assert(bvdev != NULL);
+
 	return bvdev->ops->destroy_ctrlr(vdev);
 }
 
@@ -1707,6 +1719,8 @@ vhost_blk_get_io_channel(struct spdk_vhost_dev *vdev)
 {
 	struct spdk_vhost_blk_dev *bvdev = to_blk_dev(vdev);
 
+	assert(bvdev != NULL);
+
 	return spdk_bdev_get_io_channel(bvdev->bdev_desc);
 }
 
@@ -1764,6 +1778,8 @@ vhost_user_blk_create_ctrlr(struct spdk_vhost_dev *vdev, struct spdk_cpuset *cpu
 	struct rpc_vhost_blk req = {0};
 	struct spdk_vhost_blk_dev *bvdev = to_blk_dev(vdev);
 
+	assert(bvdev != NULL);
+
 	if (spdk_json_decode_object_relaxed(params, rpc_construct_vhost_blk,
 					    SPDK_COUNTOF(rpc_construct_vhost_blk),
 					    &req)) {