summaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorDamien Le Moal <damien.lemoal@opensource.wdc.com>2022-06-01 08:25:43 +0200
committerMartin K. Petersen <martin.petersen@oracle.com>2022-06-02 04:36:44 +0200
commit05fbde3a77a4f1d62e4c4428f384288c1f1a0be5 (patch)
treef706ae8589d8fc33ef0ed9e3491b8b5e740d03dd /drivers
parentscsi: mpi3mr: Rework mrioc->bsg_device model to fix warnings (diff)
downloadlinux-05fbde3a77a4f1d62e4c4428f384288c1f1a0be5.tar.xz
linux-05fbde3a77a4f1d62e4c4428f384288c1f1a0be5.zip
scsi: sd: Fix potential NULL pointer dereference
If sd_probe() sees an early error before sdkp->device is initialized, sd_zbc_release_disk() is called. This causes a NULL pointer dereference when sd_is_zoned() is called inside that function. Avoid this by removing the call to sd_zbc_release_disk() in sd_probe() error path. This change is safe and does not result in zone information memory leakage because the zone information for a zoned disk is allocated only when sd_revalidate_disk() is called, at which point sdkp->disk_dev is fully set, resulting in sd_disk_release() being called when needed to cleanup a disk zone information using sd_zbc_release_disk(). Link: https://lore.kernel.org/r/20220601062544.905141-2-damien.lemoal@opensource.wdc.com Fixes: 89d947561077 ("sd: Implement support for ZBC devices") Reported-by: Dongliang Mu <mudongliangabcd@gmail.com> Suggested-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/scsi/sd.c1
1 files changed, 0 insertions, 1 deletions
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index a8f61b6ea479..856024c6852c 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -3544,7 +3544,6 @@ static int sd_probe(struct device *dev)
out_put:
put_disk(gd);
out_free:
- sd_zbc_release_disk(sdkp);
kfree(sdkp);
out:
scsi_autopm_put_device(sdp);