scsi: sd: Fix potential NULL pointer dereference

[ Upstream commit 05fbde3a77 ]

If sd_probe() sees an early error before sdkp->device is initialized,
sd_zbc_release_disk() is called. This causes a NULL pointer dereference
when sd_is_zoned() is called inside that function. Avoid this by removing
the call to sd_zbc_release_disk() in sd_probe() error path.

This change is safe and does not result in zone information memory leakage
because the zone information for a zoned disk is allocated only when
sd_revalidate_disk() is called, at which point sdkp->disk_dev is fully set,
resulting in sd_disk_release() being called when needed to cleanup a disk
zone information using sd_zbc_release_disk().

Link: https://lore.kernel.org/r/20220601062544.905141-2-damien.lemoal@opensource.wdc.com
Fixes: 89d9475610 ("sd: Implement support for ZBC devices")
Reported-by: Dongliang Mu <mudongliangabcd@gmail.com>
Suggested-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Damien Le Moal 2022-06-01 15:25:43 +09:00 committed by Greg Kroah-Hartman
parent 73647a1f92
commit 0fcb0b131c

View File

@ -3480,7 +3480,6 @@ static int sd_probe(struct device *dev)
out_put: out_put:
put_disk(gd); put_disk(gd);
out_free: out_free:
sd_zbc_release_disk(sdkp);
kfree(sdkp); kfree(sdkp);
out: out:
scsi_autopm_put_device(sdp); scsi_autopm_put_device(sdp);