dm: fix a crash if blk_alloc_disk fails

If blk_alloc_disk fails, the variable md->disk is set to an error value.
cleanup_mapped_device will see that md->disk is non-NULL and it will
attempt to access it, causing a crash on this statement
"md->disk->private_data = NULL;".

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Reported-by: Chenyuan Yang <chenyuan0y@gmail.com>
Closes: https://marc.info/?l=dm-devel&m=172824125004329&w=2
Cc: stable@vger.kernel.org
Reviewed-by: Nitesh Shetty <nj.shetty@samsung.com>

diff --git a/drivers/md/dm.c b/drivers/md/dm.c
index ff4a6b570b7644ee0097185b0468117d2f220ba7..19230404d8c2bd221a1671812e7b519519fe622e 100644 (file)
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -2290,8 +2290,10 @@ static struct mapped_device *alloc_dev(int minor)
         * override accordingly.
         */
        md->disk = blk_alloc_disk(NULL, md->numa_node_id);
-       if (IS_ERR(md->disk))
+       if (IS_ERR(md->disk)) {
+               md->disk = NULL;
                goto bad;
+       }
        md->queue = md->disk->queue;
 
        init_waitqueue_head(&md->wait);