Please ignore this patch, as the return value of blk_alloc_disk() is
non-NULL or NULL on the linux-6.6.y branch.
Bin Lan
On 11/27/24 14:03, Bin Lan wrote:
From: Mikulas Patocka <mpatocka@xxxxxxxxxx>
[ Upstream commit fed13a5478680614ba97fc87e71f16e2e197912e ]
If blk_alloc_disk fails, the variable md->disk is set to an error value.
cleanup_mapped_device will see that md->disk is non-NULL and it will
attempt to access it, causing a crash on this statement
"md->disk->private_data = NULL;".
Signed-off-by: Mikulas Patocka <mpatocka@xxxxxxxxxx>
Reported-by: Chenyuan Yang <chenyuan0y@xxxxxxxxx>
Closes: https://marc.info/?l=dm-devel&m=172824125004329&w=2
Cc: stable@xxxxxxxxxxxxxxx
Reviewed-by: Nitesh Shetty <nj.shetty@xxxxxxxxxxx>
Signed-off-by: Bin Lan <bin.lan.cn@xxxxxxxxxxxxx>
---
drivers/md/dm.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/md/dm.c b/drivers/md/dm.c
index 5dd0a42463a2..f45427291ea6 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -2077,8 +2077,10 @@ static struct mapped_device *alloc_dev(int minor)
* override accordingly.
*/
md->disk = blk_alloc_disk(md->numa_node_id);
- if (!md->disk)
+ if (!md->disk){
+ md->disk = NULL;
goto bad;
+ }
md->queue = md->disk->queue;
init_waitqueue_head(&md->wait);
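Review bot: In the added branch under `if (!md->disk){`, the assignment `md->disk = NULL;` has no effect, because that branch is entered only when md->disk is already NULL. The commit message describes md->disk holding an error value after blk_alloc_disk() fails; a `!md->disk` test does not catch such a value, and the following `md->queue = md->disk->queue;` would then dereference it. If the allocator on this branch can return an error pointer, test it with IS_ERR(md->disk) before clearing the field; if it only returns NULL on failure, the hunk is unnecessary. Also add a space before the opening brace in `if (!md->disk){`.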
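The failure mode the commit message describes, modelled in userspace C as an added example (not code from the patch or from the kernel tree): an allocator reports failure as an error pointer, and the setup path clears the field so that a cleanup routine testing only for non-NULL never touches it. ERR_PTR, PTR_ERR and IS_ERR are re-implemented here as stand-ins, and struct disk, struct dev, alloc_disk_errptr, setup_dev and cleanup_dev are hypothetical names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace stand-ins (assumption): the top 4095 addresses encode -errno. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)err; }
static long PTR_ERR(const void *p) { return (long)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct disk { void *private_data; };	/* hypothetical, models md->disk */
struct dev { struct disk *disk; };	/* hypothetical, models the mapped device */

/* Hypothetical allocator that reports failure as an error pointer, not NULL. */
static struct disk *alloc_disk_errptr(int fail)
{
	return fail ? ERR_PTR(-ENOMEM) : calloc(1, sizeof(struct disk));
}

/* Cleanup tests only for non-NULL; returns 1 if it dereferenced the disk. */
static int cleanup_dev(struct dev *d)
{
	if (!d->disk)
		return 0;
	d->disk->private_data = NULL;
	free(d->disk);
	d->disk = NULL;
	return 1;
}

/* Returns 0 or a negative errno; on failure d->disk is left NULL for cleanup. */
static int setup_dev(struct dev *d, int fail)
{
	d->disk = alloc_disk_errptr(fail);
	if (IS_ERR(d->disk)) {
		int err = (int)PTR_ERR(d->disk);
		d->disk = NULL;	/* do not leave the error value in the field */
		return err;
	}
	return d->disk ? 0 : -ENOMEM;
}

int main(void)
{
	struct dev d = { 0 };
	int rc = setup_dev(&d, 1);
	printf("setup: %d, cleanup touched disk: %d\n", rc, cleanup_dev(&d));
	return 0;
}
```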