summaryrefslogtreecommitdiffstats
path: root/block/partitions
diff options
context:
space:
mode:
authorZqiang <qiang.zhang1211@gmail.com>2021-10-18 12:34:22 +0200
committerJens Axboe <axboe@kernel.dk>2021-10-18 19:20:38 +0200
commit9fbfabfda25d8774c5a08634fdd2da000a924890 (patch)
tree5a984de151f09282850ba18c64d0c1970dc04ea0 /block/partitions
parentblk-cgroup: blk_cgroup_bio_start() should use irq-safe operations on blkg->io... (diff)
downloadlinux-9fbfabfda25d8774c5a08634fdd2da000a924890.tar.xz
linux-9fbfabfda25d8774c5a08634fdd2da000a924890.zip
block: fix incorrect references to disk objects
When adding partitions to the disk, the reference count of the disk object is increased. then alloc partition device and called device_add(), if the device_add() return error, the reference count of the disk object will be reduced twice, at put_device(pdev) and put_disk(disk). this leads to the end of the object's life cycle prematurely, and trigger following calltrace. __init_work+0x2d/0x50 kernel/workqueue.c:519 synchronize_rcu_expedited+0x3af/0x650 kernel/rcu/tree_exp.h:847 bdi_remove_from_list mm/backing-dev.c:938 [inline] bdi_unregister+0x17f/0x5c0 mm/backing-dev.c:946 release_bdi+0xa1/0xc0 mm/backing-dev.c:968 kref_put include/linux/kref.h:65 [inline] bdi_put+0x72/0xa0 mm/backing-dev.c:976 bdev_free_inode+0x11e/0x220 block/bdev.c:408 i_callback+0x3f/0x70 fs/inode.c:226 rcu_do_batch kernel/rcu/tree.c:2508 [inline] rcu_core+0x76d/0x16c0 kernel/rcu/tree.c:2743 __do_softirq+0x1d7/0x93b kernel/softirq.c:558 invoke_softirq kernel/softirq.c:432 [inline] __irq_exit_rcu kernel/softirq.c:636 [inline] irq_exit_rcu+0xf2/0x130 kernel/softirq.c:648 sysvec_apic_timer_interrupt+0x93/0xc0 making disk is NULL when calling put_disk(). Reported-by: Hao Sun <sunhao.th@gmail.com> Signed-off-by: Zqiang <qiang.zhang1211@gmail.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Link: https://lore.kernel.org/r/20211018103422.2043-1-qiang.zhang1211@gmail.com Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'block/partitions')
-rw-r--r--block/partitions/core.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/block/partitions/core.c b/block/partitions/core.c
index 58c4c362c94f..7bea19dd9458 100644
--- a/block/partitions/core.c
+++ b/block/partitions/core.c
@@ -423,6 +423,7 @@ out_del:
device_del(pdev);
out_put:
put_device(pdev);
+ return ERR_PTR(err);
out_put_disk:
put_disk(disk);
return ERR_PTR(err);