2011-03-18 08:37:31

by Tejun Heo

[permalink] [raw]
Subject: [PATCH] block: NULL dereference on error path in __blkdev_get()

From: Dan Carpenter <[email protected]>

"disk" is always NULL when we goto out. There was a check for this
before, but it was removed in 69e02c59a7d9 "block: Don't check events
while open is in progress".

Signed-off-by: Dan Carpenter <[email protected]>
Acked-by: Tejun Heo <[email protected]>

diff --git a/fs/block_dev.c b/fs/block_dev.c
index fbe05cb..7d02afb 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -1181,9 +1181,9 @@ static int __blkdev_get(struct block_device *bdev, fmode_t mode, int for_part)
out_unlock_bdev:
mutex_unlock(&bdev->bd_mutex);
disk_unblock_events(disk);
- out:
module_put(disk->fops->owner);
put_disk(disk);
+ out:
bdput(bdev);

return ret;


2011-03-18 22:27:29

by Justin TerAvest

[permalink] [raw]
Subject: Re: [PATCH] block: NULL dereference on error path in __blkdev_get()

On Fri, Mar 18, 2011 at 1:37 AM, Tejun Heo <[email protected]> wrote:
> From: Dan Carpenter <[email protected]>
>
> "disk" is always NULL when we goto out. ?There was a check for this
> before, but it was removed in 69e02c59a7d9 "block: Don't check events
> while open is in progress".
>
> Signed-off-by: Dan Carpenter <[email protected]>
> Acked-by: Tejun Heo <[email protected]>

I was running into this problem too; this patch fixes the problem.

Tested-by: Justin TerAvest <[email protected]>

>
> diff --git a/fs/block_dev.c b/fs/block_dev.c
> index fbe05cb..7d02afb 100644
> --- a/fs/block_dev.c
> +++ b/fs/block_dev.c
> @@ -1181,9 +1181,9 @@ static int __blkdev_get(struct block_device *bdev, fmode_t mode, int for_part)
> ?out_unlock_bdev:
> ? ? ? ?mutex_unlock(&bdev->bd_mutex);
> ? ? ? ?disk_unblock_events(disk);
> - out:
> ? ? ? ?module_put(disk->fops->owner);
> ? ? ? ?put_disk(disk);
> + out:
> ? ? ? ?bdput(bdev);
>
> ? ? ? ?return ret;
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at ?http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at ?http://www.tux.org/lkml/
>

2011-03-19 12:54:14

by Jens Axboe

[permalink] [raw]
Subject: Re: [PATCH] block: NULL dereference on error path in __blkdev_get()

On 2011-03-18 09:37, Tejun Heo wrote:
> From: Dan Carpenter <[email protected]>
>
> "disk" is always NULL when we goto out. There was a check for this
> before, but it was removed in 69e02c59a7d9 "block: Don't check events
> while open is in progress".

Thanks, applied.

--
Jens Axboe