Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/block
History
Bart Van Assche b425e50492 block: Avoid that blk_exit_rl() triggers a use-after-free 
Since the introduction of .init_rq_fn() and .exit_rq_fn() it is
essential that the memory allocated for struct request_queue
stays around until all blk_exit_rl() calls have finished. Hence
make blk_init_rl() take a reference on struct request_queue.

This patch fixes the following crash:

general protection fault: 0000 [#2] SMP
CPU: 3 PID: 28 Comm: ksoftirqd/3 Tainted: G      D         4.12.0-rc2-dbg+ #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014
task: ffff88013a108040 task.stack: ffffc9000071c000
RIP: 0010:free_request_size+0x1a/0x30
RSP: 0018:ffffc9000071fd38 EFLAGS: 00010202
RAX: 6b6b6b6b6b6b6b6b RBX: ffff880067362a88 RCX: 0000000000000003
RDX: ffff880067464178 RSI: ffff880067362a88 RDI: ffff880135ea4418
RBP: ffffc9000071fd40 R08: 0000000000000000 R09: 0000000100180009
R10: ffffc9000071fd38 R11: ffffffff81110800 R12: ffff88006752d3d8
R13: ffff88006752d3d8 R14: ffff88013a108040 R15: 000000000000000a
FS:  0000000000000000(0000) GS:ffff88013fd80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa8ec1edb00 CR3: 0000000138ee8000 CR4: 00000000001406e0
Call Trace:
 mempool_destroy.part.10+0x21/0x40
 mempool_destroy+0xe/0x10
 blk_exit_rl+0x12/0x20
 blkg_free+0x4d/0xa0
 __blkg_release_rcu+0x59/0x170
 rcu_process_callbacks+0x260/0x4e0
 __do_softirq+0x116/0x250
 smpboot_thread_fn+0x123/0x1e0
 kthread+0x109/0x140
 ret_from_fork+0x31/0x40

Fixes: commit e9c787e65c ("scsi: allocate scsi_cmnd structures as part of struct request")
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Acked-by: Tejun Heo <tj@kernel.org>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Cc: Jan Kara <jack@suse.cz>
Cc: <stable@vger.kernel.org> # v4.11+
Signed-off-by: Jens Axboe <axboe@fb.com>
 		2017-06-01 13:07:55 -06:00
..
partitions partitions/msdos: FreeBSD UFS2 file systems are not recognized 2017-05-23 09:16:07 -06:00
Kconfig Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm 2017-05-12 15:43:10 -07:00
Kconfig.iosched block, bfq: add full hierarchical scheduling and cgroups support 2017-04-19 08:30:26 -06:00
Makefile block, bfq: split bfq-iosched.c into multiple source files 2017-04-19 08:48:24 -06:00
badblocks.c
bfq-cgroup.c block, bfq: split bfq-iosched.c into multiple source files 2017-04-19 08:48:24 -06:00
bfq-iosched.c block, bfq: stress that low_latency must be off to get max throughput 2017-05-10 07:39:43 -06:00
bfq-iosched.h bfq: fix compile error if CONFIG_CGROUPS=n 2017-04-20 09:39:12 -06:00
bfq-wf2q.c block, bfq: use pointer entity->sched_data only if set 2017-05-10 07:39:43 -06:00
bio-integrity.c
bio.c Merge branch 'md-next' into md-linus 2017-05-01 14:09:21 -07:00
blk-cgroup.c block: Avoid that blk_exit_rl() triggers a use-after-free 2017-06-01 13:07:55 -06:00
blk-core.c block: Avoid that blk_exit_rl() triggers a use-after-free 2017-06-01 13:07:55 -06:00
blk-exec.c block: remove the errors field from struct request 2017-04-20 12:16:10 -06:00
blk-flush.c block: make __blk_end_bidi_request private 2017-04-19 10:19:47 -06:00
blk-integrity.c block: fix blk_integrity_register to use template's interval_exp if not 0 2017-04-23 12:59:56 -06:00
blk-ioc.c
blk-lib.c block: remove the discard_zeroes_data flag 2017-04-08 11:25:38 -06:00
blk-map.c
blk-merge.c block: implement splitting of REQ_OP_WRITE_ZEROES bios 2017-04-08 11:25:38 -06:00
blk-mq-cpumap.c
blk-mq-debugfs.c mq-deadline: add debugfs attributes 2017-05-04 08:25:17 -06:00
blk-mq-debugfs.h mq-deadline: add debugfs attributes 2017-05-04 08:25:17 -06:00
blk-mq-pci.c
blk-mq-sched.c blk-mq-debugfs: allow schedulers to register debugfs attributes 2017-05-04 08:24:40 -06:00
blk-mq-sched.h blk-mq: Remove blk_mq_sched_move_to_dispatch() 2017-04-20 17:28:30 -06:00
blk-mq-sysfs.c blk-mq: untangle debugfs and sysfs 2017-05-04 08:24:13 -06:00
blk-mq-tag.c blk-mq: add shallow depth option for blk_mq_get_tag() 2017-04-14 14:06:54 -06:00
blk-mq-tag.h
blk-mq-virtio.c
blk-mq.c blk-mq: Take tagset lock when updating hw queues 2017-05-30 12:32:37 -06:00
blk-mq.h blk-mq: move debugfs declarations to a separate header file 2017-05-04 08:23:44 -06:00
blk-settings.c block: remove the discard_zeroes_data flag 2017-04-08 11:25:38 -06:00
blk-softirq.c
blk-stat.c blk-stat: don't use this_cpu_ptr() in a preemptable section 2017-05-10 07:40:18 -06:00
blk-stat.h blk-stat: kill blk_stat_rq_ddir() 2017-04-21 07:56:23 -06:00
blk-sysfs.c block: Avoid that blk_exit_rl() triggers a use-after-free 2017-06-01 13:07:55 -06:00
blk-tag.c
blk-throttle.c blk-throttle: force user to configure all settings for io.low 2017-05-22 14:47:12 -06:00
blk-timeout.c block: remove the errors field from struct request 2017-04-20 12:16:10 -06:00
blk-wbt.c blk-stat: kill blk_stat_rq_ddir() 2017-04-21 07:56:23 -06:00
blk-wbt.h block: Make writeback throttling defaults consistent for SQ devices 2017-04-19 08:49:03 -06:00
blk-zoned.c
blk.h block: Avoid that blk_exit_rl() triggers a use-after-free 2017-06-01 13:07:55 -06:00
bounce.c
bsg-lib.c scsi: introduce a result field in struct scsi_request 2017-04-20 12:16:10 -06:00
bsg.c Merge branch 'work.uaccess' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-05-01 14:41:04 -07:00
cfq-iosched.c cfq-iosched: fix the delay of cfq_group's vdisktime under iops mode 2017-05-31 09:25:21 -06:00
cmdline-parser.c
compat_ioctl.c block: remove the discard_zeroes_data flag 2017-04-08 11:25:38 -06:00
deadline-iosched.c
elevator.c elevator: remove redundant warnings on IO scheduler switch 2017-05-10 07:40:04 -06:00
genhd.c A reasonably busy cycle for documentation this time around. There is a new 2017-05-02 10:21:17 -07:00
ioctl.c block: remove the discard_zeroes_data flag 2017-04-08 11:25:38 -06:00
ioprio.c block: Optimize ioprio_best() 2017-04-19 17:38:36 -06:00
kyber-iosched.c kyber: add debugfs attributes 2017-05-04 08:25:17 -06:00
mq-deadline.c mq-deadline: add debugfs attributes 2017-05-04 08:25:17 -06:00
noop-iosched.c
opal_proto.h
partition-generic.c block: fix an error code in add_partition() 2017-05-23 08:41:59 -06:00
scsi_ioctl.c scsi: introduce a result field in struct scsi_request 2017-04-20 12:16:10 -06:00
sed-opal.c block: sed-opal: Tone down all the pr_* to debugs 2017-04-07 14:24:16 -06:00
t10-pi.c