| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMGffE=D5Cj0UmzCGPLwW2WCOKU0NpKPeERfToMdt-trQWwZgw@mail.gmail.com>
Date: Thu, 18 Dec 2025 14:54:49 +0100
From: Jinpu Wang <jinpu.wang@...os.com>
To: Thomas Fourier <fourier.thomas@...il.com>
Cc: "Md. Haris Iqbal" <haris.iqbal@...os.com>, Jens Axboe <axboe@...nel.dk>,
Md Haris Iqbal <haris.iqbal@...ud.ionos.com>, Lutz Pogrell <lutz.pogrell@...ud.ionos.com>,
linux-block@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] block: rnbd-clt: Fix leaked ID in init_dev()
On Wed, Dec 17, 2025 at 10:37 AM Thomas Fourier
<fourier.thomas@...il.com> wrote:
>
> If kstrdup() fails in init_dev(), then the newly allocated ID is lost.
>
> Fixes: 64e8a6ece1a5 ("block/rnbd-clt: Dynamically alloc buffer for pathname & blk_symlink_name")
> Signed-off-by: Thomas Fourier <fourier.thomas@...il.com>
Acked-by: Jack Wang <jinpu.wang@...os.com>
> ---
> v1->v2:
> - store id in dev directly
>
> drivers/block/rnbd/rnbd-clt.c | 13 ++++++++-----
> 1 file changed, 8 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/block/rnbd/rnbd-clt.c b/drivers/block/rnbd/rnbd-clt.c
> index f1409e54010a..d1c354636315 100644
> --- a/drivers/block/rnbd/rnbd-clt.c
> +++ b/drivers/block/rnbd/rnbd-clt.c
> @@ -1423,9 +1423,11 @@ static struct rnbd_clt_dev *init_dev(struct rnbd_clt_session *sess,
> goto out_alloc;
> }
>
> - ret = ida_alloc_max(&index_ida, (1 << (MINORBITS - RNBD_PART_BITS)) - 1,
> - GFP_KERNEL);
> - if (ret < 0) {
> + dev->clt_device_id = ida_alloc_max(&index_ida,
> + (1 << (MINORBITS - RNBD_PART_BITS)) - 1,
> + GFP_KERNEL);
> + if (dev->clt_device_id < 0) {
> + ret = dev->clt_device_id;
> pr_err("Failed to initialize device '%s' from session %s, allocating idr failed, err: %d\n",
> pathname, sess->sessname, ret);
> goto out_queues;
> @@ -1434,10 +1436,9 @@ static struct rnbd_clt_dev *init_dev(struct rnbd_clt_session *sess,
> dev->pathname = kstrdup(pathname, GFP_KERNEL);
> if (!dev->pathname) {
> ret = -ENOMEM;
> - goto out_queues;
> + goto out_ida;
> }
>
> - dev->clt_device_id = ret;
> dev->sess = sess;
> dev->access_mode = access_mode;
> dev->nr_poll_queues = nr_poll_queues;
> @@ -1453,6 +1454,8 @@ static struct rnbd_clt_dev *init_dev(struct rnbd_clt_session *sess,
>
> return dev;
>
> +out_ida:
> + ida_free(&index_ida, dev->clt_device_id);
> out_queues:
> kfree(dev->hw_queues);
> out_alloc:
> --
> 2.43.0
>
Powered by blists - more mailing lists