2021-11-04 07:36:20

by Wu Bo

Subject: [PATCH] drbd: Fix double free problem in drbd_create_device

In drbd_create_device(), the 'out_no_io_page' lable has called
blk_cleanup_disk() when return failed.

So remove the 'out_cleanup_disk' lable to avoid double free the
disk pointer.

Fixes: e92ab4eda516 ("drbd: add error handling support for add_disk()")
Signed-off-by: Wu Bo <[email protected]>
---
drivers/block/drbd/drbd_main.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
index 19db80a..53ba2dd 100644
--- a/drivers/block/drbd/drbd_main.c
+++ b/drivers/block/drbd/drbd_main.c
@@ -2796,7 +2796,7 @@ enum drbd_ret_code drbd_create_device(struct drbd_config_context *adm_ctx, unsig

err = add_disk(disk);
if (err)
- goto out_cleanup_disk;
+ goto out_idr_remove_vol;

/* inherit the connection state */
device->state.conn = first_connection(resource)->cstate;
@@ -2810,8 +2810,6 @@ enum drbd_ret_code drbd_create_device(struct drbd_config_context *adm_ctx, unsig
drbd_debugfs_device_add(device);
return NO_ERROR;

-out_cleanup_disk:
- blk_cleanup_disk(disk);
out_idr_remove_vol:
idr_remove(&connection->peer_devices, vnr);
out_idr_remove_from_resource:
--
1.8.3.1

2021-11-04 08:49:36

by Christoph Hellwig

Subject: Re: [PATCH] drbd: Fix double free problem in drbd_create_device

Looks good,

Reviewed-by: Christoph Hellwig <[email protected]>

2021-11-04 11:48:32

by Jens Axboe

Subject: Re: [PATCH] drbd: Fix double free problem in drbd_create_device

On Thu, 4 Nov 2021 16:07:09 +0800, Wu Bo wrote:
> In drbd_create_device(), the 'out_no_io_page' lable has called
> blk_cleanup_disk() when return failed.
>
> So remove the 'out_cleanup_disk' lable to avoid double free the
> disk pointer.
>
>
> [...]

Applied, thanks!

[1/1] drbd: Fix double free problem in drbd_create_device
commit: 27548088ac628109f70eb0b1eb521d035844dba8

Best regards,
--
Jens Axboe