nvme: prevent double free in nvme_alloc_ns() error handling - kernel

diff options

author	Niklas Cassel <[email protected]>	2020-04-27 12:34:41 +0000
committer	Christoph Hellwig <[email protected]>	2020-04-27 15:08:06 +0000
commit	132be62387c7a72a38872676c18b0dfae264adb8 (patch)
tree	6bc279c67a6338e21deba9bc13f4d6e90bb5ec79 /fs/jbd2/commit.c
parent	null_blk: Cleanup zoned device initialization (diff)
download	kernel-132be62387c7a72a38872676c18b0dfae264adb8.tar.gz kernel-132be62387c7a72a38872676c18b0dfae264adb8.zip

nvme: prevent double free in nvme_alloc_ns() error handling

When jumping to the out_put_disk label, we will call put_disk(), which will trigger a call to disk_release(), which calls blk_put_queue(). Later in the cleanup code, we do blk_cleanup_queue(), which will also call blk_put_queue(). Putting the queue twice is incorrect, and will generate a KASAN splat. Set the disk->queue pointer to NULL, before calling put_disk(), so that the first call to blk_put_queue() will not free the queue. The second call to blk_put_queue() uses another pointer to the same queue, so this call will still free the queue. Fixes: 85136c010285 ("lightnvm: simplify geometry enumeration") Signed-off-by: Niklas Cassel <[email protected]> Signed-off-by: Christoph Hellwig <[email protected]>

Diffstat (limited to 'fs/jbd2/commit.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: