On 2/20/19 6:27 AM, zhengbin wrote:
> When I use syzkaller to test the kernel, there is a NULL pointer dereference
> in register_disk. The better solution is to add a return code to
> __device_add_disk. There is a patchset
> (http://lists.infradead.org/pipermail/linux-nvme/2016-August/005860.html)
> from Fam Zheng; in this patchset, the modification is as follows:
>
> int device_add_disk() {
>     ...alloc A...
>     retval = alloc B
>     if (retval)
>         goto fail;
>     ...
> fail:
>     return retval;    --->did not free A
> }
>
> There are many callers, i.e.:
> loop_add-->add_disk-->device_add_disk-->__device_add_disk
> loop_remove-->del_gendisk
>     ----->This will free all resources, including B (free fail)
>
> Maybe the better way is that if device_add_disk returns fail, it should
> free all resources? This needs modifying all the callers (otherwise the
> callers will double free); unfortunately, I am not very familiar with it.

That can/should be done when we actually deal with error handling properly
in this path. I have applied your patch.

-- 
Jens Axboe
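As an added illustration that is not code from this thread or from the kernel, here is a small C model of the error path zhengbin sketches: "A" is acquired, "B" fails, and a bare `fail:` label returns without releasing A, beside the unwound form where each label frees what was acquired before it. The names `alloc_a`, `alloc_b`, `release`, `device_add_sketch`, `device_add_unwound`, `leaked_when_b_fails` and the `fail_b` fault-injection flag are hypothetical, chosen for the demo.

```c
#include <errno.h>
#include <stdlib.h>
static int live_allocs; /* live allocations, so a caller can spot a leak */
static int fail_b;      /* constructed fault injection: alloc_b() fails while set */

static void *alloc_a(void) { void *p = malloc(16); if (p) live_allocs++; return p; }
static void *alloc_b(void) { return fail_b ? NULL : alloc_a(); }
static void release(void *p) { if (p) live_allocs--; free(p); }

/* Shape of the sketch quoted in the mail: "fail:" only returns, so A leaks when B fails. */
static int device_add_sketch(void)
{
    void *a = alloc_a(), *b;
    if (!a)
        return -ENOMEM;
    b = alloc_b();
    if (!b)
        goto fail;
    release(b);        /* success path: torn down here just for the demo */
    release(a);
    return 0;
fail:
    return -ENOMEM;    /* BUG: a is still live */
}

/* Unwound form: each failure after A jumps to a label that frees A. */
static int device_add_unwound(void)
{
    void *a = alloc_a(), *b;
    if (!a)
        return -ENOMEM;
    b = alloc_b();
    if (!b)
        goto fail_free_a;
    release(b);
    release(a);
    return 0;
fail_free_a:
    release(a);
    return -ENOMEM;
}

/* Run fn with B's allocation failing; return how many allocations it leaked. */
static int leaked_when_b_fails(int (*fn)(void))
{
    int before = live_allocs;
    fail_b = 1;
    fn();
    fail_b = 0;
    return live_allocs - before;
}
```

The counter stands in for what kmemleak or a KASAN-instrumented run would report: the sketched version leaves one allocation behind on every B failure, the unwound version none.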