Re: [PATCH v2 12/15] leds: trigger: blkdev: Enable unlinking block devices from LEDs

From: Dan Carpenter
Date: Tue Sep 14 2021 - 05:59:02 EST

Next message: Vasily Averin: "Re: [PATCH memcg] memcg: prohibit unconditional exceeding the limit of dying tasks"
Previous message: Russell King (Oracle): "Re: [PATCH] [RFC]arm64:Mark __stack_chk_guard as __ro_after_init"
In reply to: Ian Pilcher: "[PATCH v2 12/15] leds: trigger: blkdev: Enable unlinking block devices from LEDs"
Next in thread: Ian Pilcher: "[PATCH v2 13/15] leds: trigger: blkdev: Add LED trigger deactivate function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Ian,

url: https://github.com/0day-ci/linux/commits/Ian-Pilcher/Introduce-block-device-LED-trigger/20210910-062756
base: a3fa7a101dcff93791d1b1bdb3affcad1410c8c1
config: i386-randconfig-m021-20210912 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

smatch warnings:
drivers/leds/trigger/ledtrig-blkdev.c:410 blkdev_disk_unlink_locked() error: dereferencing freed memory 'disk'

vim +/disk +410 drivers/leds/trigger/ledtrig-blkdev.c

66cb682de7e8bd Ian Pilcher 2021-09-09 388 static void blkdev_disk_unlink_locked(struct ledtrig_blkdev_led *const led,
66cb682de7e8bd Ian Pilcher 2021-09-09 389 struct ledtrig_blkdev_link *const link,
66cb682de7e8bd Ian Pilcher 2021-09-09 390 struct ledtrig_blkdev_disk *const disk)
66cb682de7e8bd Ian Pilcher 2021-09-09 391 {
66cb682de7e8bd Ian Pilcher 2021-09-09 392 --ledtrig_blkdev_count;
66cb682de7e8bd Ian Pilcher 2021-09-09 393
66cb682de7e8bd Ian Pilcher 2021-09-09 394 if (ledtrig_blkdev_count == 0)
66cb682de7e8bd Ian Pilcher 2021-09-09 395 WARN_ON(!cancel_delayed_work_sync(&ledtrig_blkdev_work));
66cb682de7e8bd Ian Pilcher 2021-09-09 396
66cb682de7e8bd Ian Pilcher 2021-09-09 397 sysfs_remove_link(led->dir, disk->gd->disk_name);
66cb682de7e8bd Ian Pilcher 2021-09-09 398 sysfs_remove_link(disk->dir, led->led_dev->name);
66cb682de7e8bd Ian Pilcher 2021-09-09 399 kobject_put(disk->dir);
66cb682de7e8bd Ian Pilcher 2021-09-09 400
66cb682de7e8bd Ian Pilcher 2021-09-09 401 hlist_del(&link->led_disks_node);
66cb682de7e8bd Ian Pilcher 2021-09-09 402 hlist_del(&link->disk_leds_node);
66cb682de7e8bd Ian Pilcher 2021-09-09 403 kfree(link);
66cb682de7e8bd Ian Pilcher 2021-09-09 404
66cb682de7e8bd Ian Pilcher 2021-09-09 405 if (hlist_empty(&disk->leds)) {
66cb682de7e8bd Ian Pilcher 2021-09-09 406 disk->gd->ledtrig = NULL;
66cb682de7e8bd Ian Pilcher 2021-09-09 407 kfree(disk);
^^^^
Freed.

66cb682de7e8bd Ian Pilcher 2021-09-09 408 }
66cb682de7e8bd Ian Pilcher 2021-09-09 409
66cb682de7e8bd Ian Pilcher 2021-09-09 @410 put_disk(disk->gd);
^^^^^^^^
Dereference after free.

66cb682de7e8bd Ian Pilcher 2021-09-09 411 }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx

Next message: Vasily Averin: "Re: [PATCH memcg] memcg: prohibit unconditional exceeding the limit of dying tasks"
Previous message: Russell King (Oracle): "Re: [PATCH] [RFC]arm64:Mark __stack_chk_guard as __ro_after_init"
In reply to: Ian Pilcher: "[PATCH v2 12/15] leds: trigger: blkdev: Enable unlinking block devices from LEDs"
Next in thread: Ian Pilcher: "[PATCH v2 13/15] leds: trigger: blkdev: Add LED trigger deactivate function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]