From 1ef97fe4f8abd3317d5c3c860f990e02c2633959 Mon Sep 17 00:00:00 2001 From: Gerald Schaefer Date: Wed, 3 May 2017 14:56:02 +0200 Subject: [PATCH] brd: fix uninitialized use of brd->dax_dev commit 1647b9b9 "brd: add dax_operations support" introduced the allocation and freeing of a dax_device, but the allocated dax_device is not stored into the brd_device, so brd_del_one() will eventually operate on an uninitialized brd->dax_dev. Fix this by storing the allocated dax_device to brd->dax_dev. Signed-off-by: Gerald Schaefer Signed-off-by: Dan Williams --- drivers/block/brd.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/drivers/block/brd.c b/drivers/block/brd.c index bfa4ed2..ec00c01 100644 --- a/drivers/block/brd.c +++ b/drivers/block/brd.c @@ -453,9 +453,7 @@ static struct brd_device *brd_alloc(int i) { struct brd_device *brd; struct gendisk *disk; -#ifdef CONFIG_BLK_DEV_RAM_DAX - struct dax_device *dax_dev; -#endif + brd = kzalloc(sizeof(*brd), GFP_KERNEL); if (!brd) goto out; @@ -497,8 +495,8 @@ static struct brd_device *brd_alloc(int i) #ifdef CONFIG_BLK_DEV_RAM_DAX queue_flag_set_unlocked(QUEUE_FLAG_DAX, brd->brd_queue); - dax_dev = alloc_dax(brd, disk->disk_name, &brd_dax_ops); - if (!dax_dev) + brd->dax_dev = alloc_dax(brd, disk->disk_name, &brd_dax_ops); + if (!brd->dax_dev) goto out_free_inode; #endif @@ -507,8 +505,8 @@ static struct brd_device *brd_alloc(int i) #ifdef CONFIG_BLK_DEV_RAM_DAX out_free_inode: - kill_dax(dax_dev); - put_dax(dax_dev); + kill_dax(brd->dax_dev); + put_dax(brd->dax_dev); #endif out_free_queue: blk_cleanup_queue(brd->brd_queue); -- 2.7.4