nbd: fix assignment error for first_minor in nbd_dev_add
hulk inclusion category: bugfix bugzilla: 188413, https://gitee.com/openeuler/kernel/issues/I6GWYG CVE: NA ---------------------------------------- A panic error is like below: nbd_genl_connect nbd_dev_add first_minor = index << part_shift; // index =-1 ... __device_add_disk blk_alloc_devt *devt = MKDEV(disk->major, disk->first_minor + part->partno); // part->partno = 0, first_minor = 11...110000 major is covered There, index < 0 will reassign an index, but here disk->first_minor is assigned -1 << part_shift. This causes to the creation of the device with the same major and minor device numbers each time the incoming index<0, and this will lead to creation of kobject failed: Warning: kobject_add_internal failed for 4095:1048544 with -EEXIST, don't try to register things with the same name in the same directory. Fix it by moving the first_minor assignment down to after getting the new index. Fixes: 01f7594e ("nbd: Fix use-after-free in blk_mq_free_rqs") Signed-off-by:Zhong Jinghua <zhongjinghua@huawei.com> Reviewed-by:
Loading
Please sign in to comment