nvme-loop: don't put ctrl on nvme_init_ctrl error
mainline inclusion from mainline-v5.10-rc1 commit 1401fcc4 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I956G7 CVE: CVE-2021-47074 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1401fcc4e3da97c44dcc7cbf538c07e24768d791 -------------------------------- The function nvme_init_ctrl() gets the ctrl reference & when it fails it does put the ctrl reference in the error unwind code. When creating loop ctrl in nvme_loop_create_ctrl() if nvme_init_ctrl() returns non zero (i.e. error) value it jumps to the "out_put_ctrl" label which calls nvme_put_ctrl(), that will lead to douple ctrl put in error unwind path. Update nvme_loop_create_ctrl() such that this patch removes the "out_put_ctrl" label, add a new "out" label after nvme_put_ctrl() in error unwind path and jump to newly added label when nvme_init_ctrl() call retuns an error. Signed-off-by:Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com> Signed-off-by:
Loading
Please sign in to comment