Commit b38c069e authored by Li Lingfeng's avatar Li Lingfeng Committed by openeuler-sync-bot
Browse files

nbd: fix uaf in nbd_open 

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I81XCK



--------------------------------

Commit bd0c825c26c3 ("[Backport] nbd: use blk_mq_alloc_disk and
blk_cleanup_disk") cleans up disk by blk_cleanup_disk() and it won't set
disk->private_data as NULL as before. UAF may be triggered in nbd_open()
if someone tries to open nbd device right after nbd_put() since refcount
of nbd device is zero and private_data is not NULL.

Fixes: bd0c825c26c3 ("[Backport] nbd: use blk_mq_alloc_disk and blk_cleanup_disk")
Signed-off-by: default avatarLi Lingfeng <lilingfeng3@huawei.com>
Signed-off-by: default avatarLi Nan <linan122@huawei.com>
(cherry picked from commit 467373dd)
parent 2fda773f

drivers/block/nbd.c

+1 −0
Original line number Diff line number Diff line
@@ -229,6 +229,7 @@ static void nbd_dev_remove(struct nbd_device *nbd) 


	if (disk) {

		del_gendisk(disk);

		disk->private_data = NULL;

		blk_cleanup_disk(disk);

		blk_mq_free_tag_set(&nbd->tag_set);

	}