From 66dd32393c393f1feb46a6700757c02db416bf67 Mon Sep 17 00:00:00 2001
From: TomRita999
Date: Thu, 12 Jun 2025 16:52:46 +0800
Subject: [PATCH] nbd: fix uaf in nbd_genl_connect() error path

Signed-off-by: TomRita999
---
 drivers/block/nbd.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index fbc4cdb5a5b9..0d3ac1c396d8 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -1886,6 +1886,7 @@ static int nbd_genl_connect(struct sk_buff *skb, struct genl_info *info)
 int index = -1;
 int ret;
 bool put_dev = false;
+ bool device_started = false;

 if (!netlink_capable(skb, CAP_SYS_ADMIN))
 return -EPERM;
@@ -2067,6 +2068,10 @@ static int nbd_genl_connect(struct sk_buff *skb, struct genl_info *info)
 ret = nbd_start_device(nbd);
 out:
 mutex_unlock(&nbd->config_lock);
+ if (ret && device_started) {
+ nbd_disconnect_and_put(nbd);
+ return ret;
+ }
 if (!ret) {
 set_bit(NBD_RT_HAS_CONFIG_REF, &config->runtime_flags);
 refcount_inc(&nbd->config_refs);
-- 
Gitee
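Review bot: `device_started` is initialised to `false` in this hunk and none of the five inserted lines in the patch ever assigns it, so the new `if (ret && device_started)` test in the second hunk is always false and the use-after-free named in the subject is left exactly as it was. In the visible code `ret = nbd_start_device(nbd);` falls straight through to `out:`, so there is also no later failure point at which a "started" flag could be true while `ret` is non-zero. The cleanup probably has to be keyed on state that a failing `nbd_start_device()` leaves behind, or live inside that call's own error path. The body of nbd_genl_connect between the two hunks is not shown, so this should be confirmed against the full function.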
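Review bot: The early `return ret;` in the added branch leaves the function before whatever follows the `if (!ret)` block, which lies outside this hunk. The `put_dev` flag declared at the top of the function suggests reference drops happen on that common exit; if so, this path would skip them and trade the use-after-free for a leaked reference. Dropping the `return ret;` and letting the branch fall through to the shared exit would avoid that. A short comment above `nbd_disconnect_and_put(nbd);` stating which reference that call consumes would let a reader check the refcount balance. The commit message also carries no description of the racing paths or which object is freed, which a memory-safety fix should record.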