+4
−3
Loading
ubi: block: fix null-pointer-dereference in ubiblock_create()
mainline inclusion from mainline-v6.11-rc1 commit 4f9d406c8c90dc17470cf63342c16f66ec2d978e category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAWXV9 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f9d406c8c90dc17470cf63342c16f66ec2d978e -------------------------------- Similar to commit adbf4c4954e3 ("ubi: block: fix memleak in ubiblock_create()"), 'dev->gd' is not assigned but dereferenced if blk_mq_alloc_tag_set() fails, and leading to a null-pointer-dereference. Fix it by using pr_err() and variable 'dev' to print error log. Additionally, the log in the error handle path of idr_alloc() has been improved by using pr_err(), too. Before initializing device name, using dev_err() will print error log with 'null' instead of the actual device name, like this: block (null): ... ~~~~~~ It is unclear. Using pr_err() can print more details of the device. The improved log is: ubiblock0_0: ... Fixes: 77567b25 ("ubi: use blk_mq_alloc_disk and blk_cleanup_disk") Reported-by:Dan Carpenter <dan.carpenter@linaro.org> Signed-off-by: