[PATCH openEuler-1.0-LTS] block: check flags of claimed slave bdev to fix uaf for bd_holder_dir
From: Li Lingfeng <lilingfeng3@huawei.com> hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I60QE9 CVE: NA -------------------------------- As explained in 0eb440122f89 ("block: fix use after free for bd_holder_dir"), we should make sure the "disk" is still live and then grab a reference to 'bd_holder_dir'. However, the "disk" should be "the claimed slave bdev" rather than "the holding disk". Fixes: 0eb440122f89 ("block: fix use after free for bd_holder_dir") Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com> Reviewed-by: Yu Kuai <yukuai3@huawei.com> Reviewed-by: Jason Yan <yanaijie@huawei.com> Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com> --- fs/block_dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/block_dev.c b/fs/block_dev.c index f2932e84055d..2680092c022d 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c @@ -1310,7 +1310,7 @@ int bd_link_disk_holder(struct block_device *bdev, struct gendisk *disk) * the holder directory. Hold on to it. */ down_read(&bdev->bd_disk->lookup_sem); - if (!(disk->flags & GENHD_FL_UP)) { + if (!(bdev->bd_disk->flags & GENHD_FL_UP)) { up_read(&bdev->bd_disk->lookup_sem); return -ENODEV; } -- 2.25.1
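Review bot: at the changed `GENHD_FL_UP` test in bd_link_disk_holder(), two gendisk pointers are in scope, the `disk` parameter (the holder) and `bdev->bd_disk` (the claimed slave), and the comment ending "the holder directory. Hold on to it." does not say which of them has to be live. Confusing the two is exactly what this change corrects, so I would extend that comment to state that the liveness test is on the slave bdev's disk, the same one whose `lookup_sem` is held around it. `bdev->bd_disk` is also spelled out three times across `down_read`, the flag test and `up_read`; a local such as `struct gendisk *slave = bdev->bd_disk;` used for all three would make it harder to reintroduce the wrong pointer later.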