Commit f488e2bb authored Jun 11, 2024 by Yu Kuai Committed by Li Lingfeng Jun 11, 2024

block: fix module reference leakage from bdev_open_by_dev error path

mainline inclusion
from mainline-v6.9-rc6
commit 9617cd6f24b294552a817f80f5225431ef67b540
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9Q9I0
CVE: CVE-2024-35859

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9617cd6f24b294552a817f80f5225431ef67b540



--------------------------------

At the time bdev_may_open() is called, module reference is grabbed
already, hence module reference should be released if bdev_may_open()
failed.

This problem is found by code review.

Fixes: ed5cc702d311 ("block: Add config option to not allow writing to mounted devices")
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Link: https://lore.kernel.org/r/20240406090930.2252838-22-yukuai1@huaweicloud.com


Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>

parent 59d9c906

block/bdev.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -946,7 +946,7 @@ struct bdev_handle bdev_open_by_dev(dev_t dev, blk_mode_t mode, void holder,
		goto abort_claiming;
		ret = -EBUSY;
		if (!bdev_may_open(bdev, mode))
		goto abort_claiming;
		goto put_module;
		if (bdev_is_partition(bdev))
		ret = blkdev_get_part(bdev, mode);
		else