diff mbox series

[next] null_blk: Fix null pointer dereference on nullb->disk on blk_cleanup_disk call

Message ID 20210602100659.11058-1-colin.king@canonical.com (mailing list archive)
State New, archived
Headers show
Series [next] null_blk: Fix null pointer dereference on nullb->disk on blk_cleanup_disk call | expand

Commit Message

Colin King June 2, 2021, 10:06 a.m. UTC 
From: Colin Ian King <colin.king@canonical.com>

The error handling on a nullb->disk allocation currently jumps to
out_cleanup_disk that calls blk_cleanup_disk with a null pointer causing
a null pointer dereference issue. Fix this by jumping to out_cleanup_tags
instead.

Addresses-Coverity: ("Dereference after null check")
Fixes: 132226b301b5 ("null_blk: convert to blk_alloc_disk/blk_cleanup_disk")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 drivers/block/null_blk/main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Chaitanya Kulkarni June 3, 2021, midnight UTC | #1 
On 6/2/21 03:07, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> The error handling on a nullb->disk allocation currently jumps to
> out_cleanup_disk that calls blk_cleanup_disk with a null pointer causing
> a null pointer dereference issue. Fix this by jumping to out_cleanup_tags
> instead.
>
> Addresses-Coverity: ("Dereference after null check")
> Fixes: 132226b301b5 ("null_blk: convert to blk_alloc_disk/blk_cleanup_disk")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>

Looks good.

Reviewed-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
Christoph Hellwig June 3, 2021, 5:48 a.m. UTC | #2 
Looks good,

Reviewed-by: Christoph Hellwig <hch@lst.de>
Jens Axboe June 3, 2021, 3:54 p.m. UTC | #3 
On 6/2/21 4:06 AM, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> The error handling on a nullb->disk allocation currently jumps to
> out_cleanup_disk that calls blk_cleanup_disk with a null pointer causing
> a null pointer dereference issue. Fix this by jumping to out_cleanup_tags
> instead.

Applied, thanks.
diff mbox series

Patch

diff --git a/drivers/block/null_blk/main.c b/drivers/block/null_blk/main.c
index d8e098f1e5b5..83d803cb57c8 100644
--- a/drivers/block/null_blk/main.c
+++ b/drivers/block/null_blk/main.c
@@ -1856,7 +1856,7 @@  static int null_add_dev(struct nullb_device *dev)
 			goto out_cleanup_tags;
 		nullb->disk = alloc_disk_node(1, nullb->dev->home_node);
 		if (!nullb->disk)
-			goto out_cleanup_disk;
+			goto out_cleanup_tags;
 		nullb->disk->queue = nullb->q;
 	} else if (dev->queue_mode == NULL_Q_BIO) {
 		rv = -ENOMEM;