nbd: fix assignment error for first_minor in nbd_dev_add

Offering: HULK
hulk inclusion
category: bugfix
bugzilla: 188413, https://gitee.com/openeuler/kernel/issues/I6GWYG

----------------------------------------

A panic error is like below:

nbd_genl_connect
 nbd_dev_add
   first_minor = index << part_shift; // index =-1
   ...
   __device_add_disk
     blk_alloc_devt
       *devt = MKDEV(disk->major, disk->first_minor + part->partno);
       // part->partno = 0， first_minor = 11...110000 major is covered

There, index < 0 will reassign an index, but here disk->first_minor is
assigned -1 << part_shift.

This causes to the creation of the device with the same major and minor
device numbers each time the incoming index<0, and this will lead to
creation of kobject failed:
Warning: kobject_add_internal failed for 4095:1048544 with -EEXIST, don't
try to register things with the same name in the same directory.

Fix it by moving the first_minor assignment down to after getting the new
index.

Fixes: 60141517 ("nbd: Fix use-after-free in blk_mq_free_rqs")
Signed-off-by: NZhong Jinghua <zhongjinghua@huawei.com>
Reviewed-by: NYu Kuai <yukuai3@huawei.com>
Reviewed-by: NHou Tao <houtao1@huawei.com>
Signed-off-by: NJialin Zhang <zhangjialin11@huawei.com>

drivers/block/nbd.c

@@ -1771,7 +1771,6 @@ static int nbd_dev_add(int index)
 	struct gendisk *disk;
 	struct request_queue *q;
 	int err = -ENOMEM;
-	int first_minor = index << part_shift;
 
 	nbd = kzalloc(sizeof(struct nbd_device), GFP_KERNEL);
 	if (!nbd)
@@ -1835,7 +1834,7 @@ static int nbd_dev_add(int index)
 	refcount_set(&nbd->refs, 1);
 	INIT_LIST_HEAD(&nbd->list);
 	disk->major = NBD_MAJOR;
-	disk->first_minor = first_minor;
+	disk->first_minor = index << part_shift;
 	disk->fops = &nbd_fops;
 	disk->private_data = nbd;
 	sprintf(disk->disk_name, "nbd%d", index);