Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3654424pxb; Mon, 24 Jan 2022 14:32:34 -0800 (PST) X-Google-Smtp-Source: ABdhPJyXBZMxnaC9YgFqX2shTGQpyFchY90wfAO3nQu8zvBkbWhaeUhQplGybsFap/BX0xxrnatD X-Received: by 2002:a05:6a00:2387:b0:4c5:be67:902b with SMTP id f7-20020a056a00238700b004c5be67902bmr15681682pfc.21.1643063554367; Mon, 24 Jan 2022 14:32:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643063554; cv=none; d=google.com; s=arc-20160816; b=dDgwlcKzOxjl0PaLflN5ThV3TkjKvRWDof/vdvPyQtGABxUGUjJvZaIOvUmTCrpxrE nKG4VeZ9UhtKqbv401EYi62YNEtv94jxgZOSq3S0b+/WddbdyKzNABW4q7KQ37w4V/s0 DEfLQVBq/eLziaiLYo1OTsh6DAoQpQ7RfeHpaEF0uCjKFP1z6hv4HB10UUspj0TSZPJL r/7rUGxNB49ixzcOCKr76J1j0LNPjdBTQ2CWigE9Qewb/tflciuuBmnv1s3xa6qBZ0jY AbCpvTyUlIBYSshWq+x2xvkjYObDvFRze4VqvDdujnBTyliuQYCk1R+kvy1ogcTjAX0S xfZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=cCGxR4p0Xk+9n84PZxD11ZMaLWiJTMkC4EljfhPKM2g=; b=zHT3ZRAPGo3JiTGDo6nluElLNfDjBAforBlmwIGLYh+6dpE76ZYZKDZP0wAQ15j8qN yHoVLYutzgtq53dOhNgvg78m3N8yDnGmTrFXnEYA4yygyM9IHMaV4HnrN4PTcu0jPWzW Xni+GifqJqR6oM7GcvQczm4e+4iMdykE+orgbjCxe0ZE4o8ihwRo5n+GGEYpnVgnRmWW F6G6XCzWCJe/XPhaj2GdiXkxltSgF0gOvwXPfpFXe8dC9Se1LSsDIS8rfYfUhZ2WaRUx 19oipDrSgXWv2f8SVJXbZoVcI/zBSMAiGjsyfYFfMXfnXhNji1lnOGTVhTqWn2yWopWr bj0g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=jsSmn6vQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id qe2si581805pjb.37.2022.01.24.14.32.22; Mon, 24 Jan 2022 14:32:34 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=jsSmn6vQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1587767AbiAXW3h (ORCPT + 99 others); Mon, 24 Jan 2022 17:29:37 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55294 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1378443AbiAXVha (ORCPT ); Mon, 24 Jan 2022 16:37:30 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 84C58C05A1AD; Mon, 24 Jan 2022 12:23:42 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 42605B81229; Mon, 24 Jan 2022 20:23:41 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 75DF1C340E5; Mon, 24 Jan 2022 20:23:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1643055820; bh=wfcsLF7GIouIju6cw/S1WOUfuc/YG6E3MeAJ34xQqVk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=jsSmn6vQnSZrTBpIllBXkq0Ib4cv3EEMINfpjAk1eRxfWOwKLsHDLBoW4qf4fECMU 0tWpKsk2+rT6UXcacfLy3qUPwLVr4XUAMOOTlouXzUmp0LoC4MbozFa5pNCZQzTHM+ Xi24UyV1nVgY8qgq3kSBQl9h0ZE2TXgo9qxSIdt4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot , Christoph Hellwig , Jens Axboe , Sasha Levin Subject: [PATCH 5.15 276/846] block: fix error unwinding in device_add_disk Date: Mon, 24 Jan 2022 19:36:33 +0100 Message-Id: <20220124184110.463545039@linuxfoundation.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220124184100.867127425@linuxfoundation.org> References: <20220124184100.867127425@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Christoph Hellwig [ Upstream commit 99d8690aae4b2f0d1d90075de355ac087f820a66 ] One device_add is called disk->ev will be freed by disk_release, so we should free it twice. Fix this by allocating disk->ev after device_add so that the extra local unwinding can be removed entirely. Based on an earlier patch from Tetsuo Handa. Reported-by: syzbot Tested-by: syzbot Fixes: 83cbce9574462c6b ("block: add error handling for device_add_disk / add_disk") Signed-off-by: Christoph Hellwig Link: https://lore.kernel.org/r/20211221161851.788424-1-hch@lst.de Signed-off-by: Jens Axboe Signed-off-by: Sasha Levin --- block/genhd.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/block/genhd.c b/block/genhd.c index f091a60dcf1ea..22f899615801c 100644 --- a/block/genhd.c +++ b/block/genhd.c @@ -432,10 +432,6 @@ int device_add_disk(struct device *parent, struct gendisk *disk, disk->flags |= GENHD_FL_EXT_DEVT; } - ret = disk_alloc_events(disk); - if (ret) - goto out_free_ext_minor; - /* delay uevents, until we scanned partition table */ dev_set_uevent_suppress(ddev, 1); @@ -446,7 +442,12 @@ int device_add_disk(struct device *parent, struct gendisk *disk, ddev->devt = MKDEV(disk->major, disk->first_minor); ret = device_add(ddev); if (ret) - goto out_disk_release_events; + goto out_free_ext_minor; + + ret = disk_alloc_events(disk); + if (ret) + goto out_device_del; + if (!sysfs_deprecated) { ret = sysfs_create_link(block_depr, &ddev->kobj, kobject_name(&ddev->kobj)); @@ -534,8 +535,6 @@ out_del_block_link: sysfs_remove_link(block_depr, dev_name(ddev)); out_device_del: device_del(ddev); -out_disk_release_events: - disk_release_events(disk); out_free_ext_minor: if (disk->major == BLOCK_EXT_MAJOR) blk_free_ext_minor(disk->first_minor); -- 2.34.1