Re: [PATCH 3/6] floppy: avoid leaking extra reference to queue on do_floppy_init error handling

From: Vivek Goyal
Date: Fri Aug 10 2012 - 13:25:29 EST


On Thu, Aug 09, 2012 at 04:59:48PM -0300, Herton Ronaldo Krzesinski wrote:
> After commit 3f9a5aa ("floppy: Cleanup disk->queue before caling
> put_disk() if add_disk() was never called"), if something fails in the
> add_disk loop, we unconditionally set disks[dr]->queue to NULL. But
> that's wrong, since we may have successfully done an add_disk on some of
> the drives previously in the loop, and in this case we would end up with
> an extra reference to the disks[dr]->queue.
>
> Add a new global array to mark "registered" disks, and use that to check
> if we did an add_disk on one of the disks already. Using an array to
> track added disks also will help to simplify/cleanup code later, as
> suggested by Vivek Goyal.
>
> Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@xxxxxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx

Looks good to me.

Acked-by: Vivek Goyal <vgoyal@xxxxxxxxxx>

Vivek

> ---
> drivers/block/floppy.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
> index 1e09e99..9272203 100644
> --- a/drivers/block/floppy.c
> +++ b/drivers/block/floppy.c
> @@ -409,6 +409,7 @@ static struct floppy_drive_struct drive_state[N_DRIVE];
> static struct floppy_write_errors write_errors[N_DRIVE];
> static struct timer_list motor_off_timer[N_DRIVE];
> static struct gendisk *disks[N_DRIVE];
> +static bool disk_registered[N_DRIVE];
> static struct block_device *opened_bdev[N_DRIVE];
> static DEFINE_MUTEX(open_lock);
> static struct floppy_raw_cmd *raw_cmd, default_raw_cmd;
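
Review bot: the new `disk_registered[N_DRIVE]` array declared next to `disks[N_DRIVE]` has no comment saying what it records. A one-line comment at the declaration, along the lines of "true once add_disk() has been called for this drive", would make the invariant that the error path relies on visible here, since the two arrays are indexed in parallel and have to stay in sync.
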
> @@ -4305,6 +4306,7 @@ static int __init do_floppy_init(void)
> disks[drive]->flags |= GENHD_FL_REMOVABLE;
> disks[drive]->driverfs_dev = &floppy_device[drive].dev;
> add_disk(disks[drive]);
> + disk_registered[drive] = true;
> }
>
> return 0;
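
Review bot: `disk_registered[drive] = true;` is the only write to the flag in this patch, so an entry never goes back to false once it is set. If later cleanups are going to consult the array, as the commit message anticipates, clear the entry wherever the matching disk is unregistered so that a stale true cannot be read after the disk is gone.
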
> @@ -4328,7 +4330,8 @@ out_put_disk:
> * put_disk() is not paired with add_disk() and
> * will put queue reference one extra time. fix it.
> */
> - disks[dr]->queue = NULL;
> + if (!disk_registered[dr])
> + disks[dr]->queue = NULL;
> }
> put_disk(disks[dr]);
> }
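
Review bot: the comment above the new `if (!disk_registered[dr])` still reads as if the queue pointer is always cleared, but it now applies only to disks that never reached add_disk(); please reword it to say so. For a drive whose flag is true, the lines shown here go straight to `put_disk(disks[dr])`, so it is worth confirming that such disks are unregistered before this point, because nothing in this hunk does it.
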
> --
> 1.7.9.5