Re: [PATCH] block: rnbd-clt: Fix leaked ID in init_dev()

From: Christophe JAILLET
Date: Tue Dec 16 2025 - 13:33:34 EST

Next message: Dan Carpenter: "Re: [PATCH v2 0/4] s32g: Use a syscon for GPR"
Previous message: Conor Dooley: "Re: [PATCH v2 11/19] dt-bindings: crypto: atmel,at91sam9g46-aes: add microchip,lan9691-aes"
In reply to: Thomas Fourier: "[PATCH] block: rnbd-clt: Fix leaked ID in init_dev()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Le 16/12/2025 à 18:22, Thomas Fourier a écrit :

If kstrdup() fails in init_dev(), then the newly allocated ID is lost.

Fixes: 64e8a6ece1a5 ("block/rnbd-clt: Dynamically alloc buffer for pathname & blk_symlink_name")
Signed-off-by: Thomas Fourier <fourier.thomas@xxxxxxxxx>
---
drivers/block/rnbd/rnbd-clt.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/block/rnbd/rnbd-clt.c b/drivers/block/rnbd/rnbd-clt.c
index f1409e54010a..d33698eb428d 100644
--- a/drivers/block/rnbd/rnbd-clt.c
+++ b/drivers/block/rnbd/rnbd-clt.c
@@ -1434,7 +1434,7 @@ static struct rnbd_clt_dev *init_dev(struct rnbd_clt_session *sess,
dev->pathname = kstrdup(pathname, GFP_KERNEL);
if (!dev->pathname) {
ret = -ENOMEM;

^_______ here

- goto out_queues;
+ goto out_ida;
}
dev->clt_device_id = ret;
@@ -1453,6 +1453,8 @@ static struct rnbd_clt_dev *init_dev(struct rnbd_clt_session *sess,
return dev;
+out_ida:
+ ida_free(&index_ida, ret);

This does not work.
'ret' is being re-assigned to -ENOMEM before going there.

But there is definitively a bug to be fixed.
Maybe by assigning clt_device_id earlier and using it in the error handling path?

CJ

out_queues:
kfree(dev->hw_queues);
out_alloc:

Next message: Dan Carpenter: "Re: [PATCH v2 0/4] s32g: Use a syscon for GPR"
Previous message: Conor Dooley: "Re: [PATCH v2 11/19] dt-bindings: crypto: atmel,at91sam9g46-aes: add microchip,lan9691-aes"
In reply to: Thomas Fourier: "[PATCH] block: rnbd-clt: Fix leaked ID in init_dev()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]