linux-stable/block
xiao jin c19199167c block: blk_init_allocated_queue() set q->fq as NULL in the fail case
commit 54648cf1ec upstream.

We found the memory use-after-free issue in __blk_drain_queue()
on kernel 4.14. After reading the latest kernel 4.18-rc6 we
think it has the same problem.

Memory is allocated for q->fq in blk_init_allocated_queue().
If the elevator init function call returns an error, it will
run into the fail case that frees q->fq.

Then __blk_drain_queue() uses the same memory after the free
of q->fq, which will lead to unpredictable events.

The patch is to set q->fq as NULL in the fail case of
blk_init_allocated_queue().

Fixes: commit 7c94e1c157 ("block: introduce blk_flush_queue to drive flush machinery")
Cc: <stable@vger.kernel.org>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
Signed-off-by: xiao jin <jin.xiao@intel.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
[groeck: backport to v4.4.y/v4.9.y (context change)]
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Alessio Balsini <balsini@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-08-11 12:22:18 +02:00
partitions partitions/aix: fix usage of uninitialized lv_info and lvname structures 2018-09-19 22:47:15 +02:00
Kconfig Merge branch 'for-4.9/block-irq' of git://git.kernel.dk/linux-block 2016-10-09 17:29:33 -07:00
Kconfig.iosched
Makefile Merge branch 'for-4.9/block-smp' of git://git.kernel.dk/linux-block 2016-10-09 17:32:20 -07:00
badblocks.c badblocks: fix wrong return value in badblocks_set if badblocks are disabled 2017-12-20 10:07:29 +01:00
bio-integrity.c bio-integrity: Do not allocate integrity context for bio w/o data 2018-04-13 19:48:18 +02:00
bio.c block: do not leak memory in bio_copy_user_iov() 2019-04-17 08:36:46 +02:00
blk-cgroup.c block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg 2018-09-19 22:47:11 +02:00
blk-core.c block: blk_init_allocated_queue() set q->fq as NULL in the fail case 2019-08-11 12:22:18 +02:00
blk-exec.c block: Fix spelling in a source code comment 2016-07-20 21:28:22 -06:00
blk-flush.c block: flush: fix IO hang in case of flood fua req 2016-10-26 07:49:27 -06:00
blk-integrity.c block: fix blk_integrity_register to use template's interval_exp if not 0 2017-05-20 14:28:36 +02:00
blk-ioc.c mm, page_alloc: distinguish between being unable to sleep, unwilling to sleep and avoiding waking kswapd 2015-11-06 17:50:42 -08:00
blk-lib.c block: fix infinite loop if the device loses discard capability 2018-12-29 13:40:14 +01:00
blk-map.c blk_rq_map_user_iov: fix error override 2018-02-25 11:05:42 +01:00
blk-merge.c block: make sure a big bio is split into at most 256 bvecs 2016-08-24 08:17:24 -06:00
blk-mq-cpumap.c blk-mq: allow the driver to pass in a queue mapping 2016-09-15 08:42:03 -06:00
blk-mq-pci.c blk-mq-pci: add a fallback when pci_irq_get_affinity returns NULL 2017-08-24 17:12:20 -07:00
blk-mq-sysfs.c blk-mq: initialize mq kobjects in blk_mq_init_allocated_queue() 2017-12-14 09:28:21 +01:00
blk-mq-tag.c blk-mq: Fix tagset reinit in the presence of cpu hot-unplug 2017-12-20 10:07:20 +01:00
blk-mq-tag.h Merge branch 'for-4.9/block-irq' of git://git.kernel.dk/linux-block 2016-10-09 17:29:33 -07:00
blk-mq.c block/mq: fix potential deadlock during cpu hotplug 2018-04-24 09:34:18 +02:00
blk-mq.h blk-mq: initialize mq kobjects in blk_mq_init_allocated_queue() 2017-12-14 09:28:21 +01:00
blk-settings.c block: kill off q->flush_flags 2016-04-13 13:33:19 -06:00
blk-softirq.c This adds a new gcc plugin named "latent_entropy". It is designed to 2016-10-15 10:03:15 -07:00
blk-sysfs.c blk-mq: register device instead of disk 2016-09-21 07:56:16 -06:00
blk-tag.c block: support different tag allocation policy 2015-01-23 14:15:46 -07:00
blk-throttle.c blk-throttle: make sure expire time isn't too big 2018-03-22 09:17:44 +01:00
blk-timeout.c block: Fix a race between blk_cleanup_queue() and timeout handling 2017-11-30 08:39:06 +00:00
blk.h blk-mq: remove ->map_queue 2016-09-15 08:42:03 -06:00
bounce.c Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2015-09-19 18:57:09 -07:00
bsg-lib.c Revert "bsg-lib: don't free job in bsg_prepare_job" 2017-10-21 17:21:33 +02:00
bsg.c sg_write()/bsg_write() is not fit to be called under KERNEL_DS 2017-01-09 08:32:25 +01:00
cfq-iosched.c block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg 2018-09-19 22:47:11 +02:00
cmdline-parser.c block: remove unrelated header files and export symbol 2014-01-21 20:18:26 -08:00
compat_ioctl.c take floppy compat ioctls to sodding floppy.c 2019-08-04 09:33:29 +02:00
deadline-iosched.c block: do not merge requests without consulting with io scheduler 2016-07-20 21:35:12 -06:00
elevator.c block: Fix secure erase 2016-08-16 09:16:51 -06:00
genhd.c block: fix bdi vs gendisk lifetime mismatch 2016-08-04 14:19:16 -06:00
ioctl.c block: invalidate the page cache when issuing BLKZEROOUT 2016-10-11 15:06:30 -07:00
ioprio.c block: fix use-after-free in sys_ioprio_get() 2016-07-01 08:39:24 -06:00
noop-iosched.c elevator: use list_{first,prev,next}_entry 2015-11-16 15:21:48 -07:00
partition-generic.c block: fix an error code in add_partition() 2018-04-13 19:48:04 +02:00
scsi_ioctl.c block: allow WRITE_SAME commands with the SG_IO ioctl 2017-03-22 12:43:38 +01:00
t10-pi.c block: Consolidate static integrity profile properties 2015-10-21 14:42:38 -06:00