dm: fix a crash if blk_alloc_disk fails

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

If blk_alloc_disk fails, the variable md->disk is set to an error value.
cleanup_mapped_device will see that md->disk is non-NULL and it will
attempt to access it, causing a crash on this statement
"md->disk->private_data = NULL;".

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Reported-by: Chenyuan Yang <chenyuan0y@gmail.com>
Closes: https://marc.info/?l=dm-devel&m=172824125004329&w=2
Cc: stable@vger.kernel.org
Reviewed-by: Nitesh Shetty <nj.shetty@samsung.com>

Mikulas Patocka 2 years ago fed13a54 8e929cb5

+3 -1

1 changed file

expand all

drivers

dm.c

+3 -1

drivers/md/dm.c

··· 2290 2290 * override accordingly. 2291 2291 */ 2292 2292 md->disk = blk_alloc_disk(NULL, md->numa_node_id); 2293 - if (IS_ERR(md->disk)) 2293 + if (IS_ERR(md->disk)) { 2294 + md->disk = NULL; 2294 2295 goto bad; 2296 + } 2295 2297 md->queue = md->disk->queue; 2296 2298 2297 2299 init_waitqueue_head(&md->wait);