From: Mathieu Desnoyers mathieu.desnoyers@efficios.com
mainline inclusion from mainline-v6.9-rc1 commit f6932a275461e339de69df01195c50951f039153 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAD301 CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
Fix a leak on dax_add_host() error, where "goto out_cleanup_dax" is done before setting pmem->dax_dev, which therefore issues the two following calls on NULL pointers:
out_cleanup_dax: kill_dax(pmem->dax_dev); put_dax(pmem->dax_dev);
Link: https://lkml.kernel.org/r/20240208184913.484340-1-mathieu.desnoyers@efficios... Link: https://lkml.kernel.org/r/20240208184913.484340-2-mathieu.desnoyers@efficios... Signed-off-by: Mathieu Desnoyers mathieu.desnoyers@efficios.com Reviewed-by: Dan Williams dan.j.williams@intel.com Reviewed-by: Fan Ni fan.ni@samsung.com Reviewed-by: Dave Jiang dave.jiang@intel.com Cc: Alasdair Kergon agk@redhat.com Cc: Mike Snitzer snitzer@kernel.org Cc: Mikulas Patocka mpatocka@redhat.com Cc: Dan Williams dan.j.williams@intel.com Cc: Matthew Wilcox willy@infradead.org Cc: Arnd Bergmann arnd@arndb.de Cc: Russell King linux@armlinux.org.uk Cc: Dave Chinner david@fromorbit.com Cc: Linus Torvalds torvalds@linux-foundation.org Signed-off-by: Andrew Morton akpm@linux-foundation.org Signed-off-by: Zhihao Cheng chengzhihao1@huawei.com --- drivers/nvdimm/pmem.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/nvdimm/pmem.c b/drivers/nvdimm/pmem.c index 4e8fdcb3f1c8..9fe358090720 100644 --- a/drivers/nvdimm/pmem.c +++ b/drivers/nvdimm/pmem.c @@ -566,12 +566,11 @@ static int pmem_attach_disk(struct device *dev, set_dax_nomc(dax_dev); if (is_nvdimm_sync(nd_region)) set_dax_synchronous(dax_dev); + pmem->dax_dev = dax_dev; rc = dax_add_host(dax_dev, disk); if (rc) goto out_cleanup_dax; dax_write_cache(dax_dev, nvdimm_has_cache(nd_region)); - pmem->dax_dev = dax_dev; - rc = device_add_disk(dev, disk, pmem_attribute_groups); if (rc) goto out_remove_host;