Commit f13656bb authored by Zhong Jinghua's avatar Zhong Jinghua Committed by Li Nan
Browse files

mtd/ubi/block: Fix uaf problem in ubiblock_cleanup 

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I81XCK



----------------------------------------

put_disk should be placed after idr_remove, otherwise it will trigger
the uaf problem of dev->gd.

Fixes: 77567b25 ("ubi: use blk_mq_alloc_disk and blk_cleanup_disk")
Signed-off-by: default avatarZhong Jinghua <zhongjinghua@huawei.com>
Signed-off-by: default avatarLi Nan <linan122@huawei.com>
parent a18856a3

drivers/mtd/ubi/block.c

+1 −1
Original line number Diff line number Diff line
@@ -481,9 +481,9 @@ static void ubiblock_cleanup(struct ubiblock *dev) 
	destroy_workqueue(dev->wq);

	/* Finally destroy the blk queue */

	dev_info(disk_to_dev(dev->gd), "released");

	idr_remove(&ubiblock_minor_idr, dev->gd->first_minor);

	blk_cleanup_disk(dev->gd);

	blk_mq_free_tag_set(&dev->tag_set);

	idr_remove(&ubiblock_minor_idr, dev->gd->first_minor);

}



int ubiblock_remove(struct ubi_volume_info *vi)