kobject_del() must not be called if kobject_add() has not been called.
Hence only unregister sysfs when registration succeeded.
Signed-off-by: Liu Shixin <[email protected]>
---
block/blk-mq-sysfs.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c
index 93997d297d42..63f2df2500d9 100644
--- a/block/blk-mq-sysfs.c
+++ b/block/blk-mq-sysfs.c
@@ -279,6 +279,8 @@ void blk_mq_sysfs_unregister(struct gendisk *disk)
unsigned long i;
lockdep_assert_held(&q->sysfs_dir_lock);
+ if (!q->mq_sysfs_init_done)
+ return;
queue_for_each_hw_ctx(q, hctx, i)
blk_mq_unregister_hctx(hctx);
--
2.25.1
Hi,
?? 2022/11/12 19:07, Liu Shixin д??:
> kobject_del() must not be called if kobject_add() has not been called.
> Hence only unregister sysfs when registration succeeded.
>
From what I see, the blk_queue_registered() from caller
blk_unregister_queue() can already prevent that. QUEUE_FLAG_REGISTERED
will only be set if blk_register_queue() succeed.
Thanks,
Kuai
> Signed-off-by: Liu Shixin <[email protected]>
> ---
> block/blk-mq-sysfs.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c
> index 93997d297d42..63f2df2500d9 100644
> --- a/block/blk-mq-sysfs.c
> +++ b/block/blk-mq-sysfs.c
> @@ -279,6 +279,8 @@ void blk_mq_sysfs_unregister(struct gendisk *disk)
> unsigned long i;
>
> lockdep_assert_held(&q->sysfs_dir_lock);
> + if (!q->mq_sysfs_init_done)
> + return;
>
> queue_for_each_hw_ctx(q, hctx, i)
> blk_mq_unregister_hctx(hctx);
>
?? 2022/11/12 18:44, Yu Kuai д??:
> Hi,
>
> ?? 2022/11/12 19:07, Liu Shixin д??:
>> kobject_del() must not be called if kobject_add() has not been called.
>> Hence only unregister sysfs when registration succeeded.
>>
>
> From what I see, the blk_queue_registered() from caller
> blk_unregister_queue() can already prevent that. QUEUE_FLAG_REGISTERED
> will only be set if blk_register_queue() succeed.
I see that the return value of blk_mq_sysfs_register() is not checked
from blk_register_queue(), there will be memleak or uaf from error path.
Hence I think better thing to do is to handle the case that
blk_mq_sysfs_register() faild, and clean up if blk_mq_sysfs_register()
succeed while follow up procedures failed from blk_register_queue().