On Tue, Jul 19, 2016 at 05:39:04PM +0200, Artem Savkov wrote:
> When bl_parse_deviceid() fails in bl_alloc_deviceid_node() on
> blkdev_get_by_*() step we get a pnfs_block_dev struct that is
> uninitialized except for bdev field which is set to whatever error
> blkdev_get_by_*() returns. bl_free_device() then tries to call
> blkdev_put() if bdev is not 0 resulting in a wrong pointer dereference.
>
> Fixing this by making sure bdev is not an error code in bl_free_device().
>
> Signed-off-by: Artem Savkov <asavkov@xxxxxxxxxx>

I guess this is fine to be defensive, but we should probably just
ensure ->bdev is NULLed on failure.
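
The failure mode discussed in this thread, as an added example that is not part of the original messages or of the kernel source: a userspace C model in which every `model_*` name, `bad_puts` and `run_case` are hypothetical stand-ins. It compares the original non-zero check, an error-pointer check in the free path as the patch description proposes, and the reply's NULL-on-failure approach.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace model of the kernel's ERR_PTR()/IS_ERR() pointer encoding. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct model_bdev { int holders; };            /* stand-in for struct block_device */
struct model_dev { struct model_bdev *bdev; }; /* stand-in for struct pnfs_block_dev */
static int bad_puts; /* "put" calls that received a pointer that is not a device */

/* Stand-in for blkdev_put(): count a bad pointer instead of dereferencing it. */
static void model_put(struct model_bdev *b)
{
    if (IS_ERR(b)) bad_puts++; else b->holders--;
}

/* Stand-in for the blkdev_get_by_*() step: valid pointer or ERR_PTR(-errno). */
static struct model_bdev *model_get(struct model_bdev *b, int fail)
{
    if (fail) return ERR_PTR(-ENODEV);
    b->holders++;
    return b;
}

/* Parse step; null_on_fail=0 leaves the error value in ->bdev as described. */
static int model_parse(struct model_dev *d, struct model_bdev *b, int fail, int null_on_fail)
{
    d->bdev = model_get(b, fail);
    if (!IS_ERR(d->bdev)) return 0;
    if (null_on_fail) d->bdev = NULL;   /* the reply's suggestion */
    return -ENODEV;
}

/* Free step; check_err=1 models an error-code test added to the free path. */
static void model_free(struct model_dev *d, int check_err)
{
    if (d->bdev && !(check_err && IS_ERR(d->bdev))) model_put(d->bdev);
}

/* One parse + free cycle; returns how many puts hit a non-device pointer. */
static int run_case(int fail, int null_on_fail, int check_err)
{
    struct model_bdev disk = { 0 };
    struct model_dev d = { NULL };
    bad_puts = 0;
    (void)model_parse(&d, &disk, fail, null_on_fail);
    model_free(&d, check_err);
    return bad_puts;
}
```

Only `run_case(1, 0, 0)` reports a bad put; either fix alone brings the count to zero, and the NULL-on-failure variant keeps the existing non-zero test in the free path valid.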