linux-stable/drivers
Liu Xiaodong ee1e3fe4b4 block: ublk: extending queue_size to fix overflow
[ Upstream commit 29baef789c ]

When validating the drafted SPDK ublk target, in a case of
assigning a large queue depth to a multiqueue ublk device,
the ublk target would run into a weird incorrect state. During
rounds of review and debug, an overflow bug was found
in the ublk driver.

In ublk_cmd.h, UBLK_MAX_QUEUE_DEPTH is 4096 which means
each ublk queue depth can be set as large as 4096. But
when setting qd for a ublk device,
sizeof(struct ublk_queue) + depth * sizeof(struct ublk_io)
will be larger than 65535 if qd is larger than 2728.
Then queue_size overflows, and ublk_get_queue()
references a wrong pointer position. The wrong content of
ublk_queue elements will lead to out-of-bounds memory
access.

Extend queue_size in ublk_device as "unsigned int".

Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
Fixes: 71f28f3136 ("ublk_drv: add io_uring based userspace block driver")
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20230131070552.115067-1-xiaodong.liu@intel.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-02-09 11:28:08 +01:00
accessibility tty: fix possible null-ptr-defer in spk_ttyio_release 2023-01-24 07:24:37 +01:00
acpi use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
amba
android
ata ata: pata_cs5535: Don't build on UML 2023-02-01 08:34:34 +01:00
atm
auxdisplay
base driver core: Fix test_async_probe_init saves device in wrong array 2023-02-01 08:34:26 +01:00
bcma
block block: ublk: extending queue_size to fix overflow 2023-02-09 11:28:08 +01:00
bluetooth Bluetooth: hci_qca: Fix driver shutdown on closed serdev 2023-01-24 07:24:32 +01:00
bus bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() 2023-02-09 11:27:59 +01:00
cdrom
char use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
clk clk: imx: imx8mp: add shared clk gate for usb suspend clk 2022-12-31 13:33:09 +01:00
clocksource clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() 2022-12-31 13:31:59 +01:00
comedi comedi: adv_pci1760: Fix PWM instruction handling 2023-01-24 07:24:35 +01:00
connector
counter counter: stm32-lptimer-cnt: fix the check on arr and cmp registers update 2022-12-31 13:32:41 +01:00
cpufreq cpufreq: armada-37xx: stop using 0 as NULL pointer 2023-02-01 08:34:31 +01:00
cpuidle cpuidle: dt: Return the correct numbers of parsed idle states 2022-12-31 13:31:55 +01:00
crypto virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session() 2023-01-12 12:02:08 +01:00
cxl cxl/region: Fix missing probe failure 2023-01-07 11:11:39 +01:00
dax
dca
devfreq PM/devfreq: governor: Add a private governor_data for governor 2023-01-07 11:11:40 +01:00
dio drivers: dio: fix possible memory leak in dio_init() 2022-12-31 13:32:38 +01:00
dma dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init 2023-02-06 08:06:33 +01:00
dma-buf dma-buf: fix dma_buf_export init order v2 2023-01-24 07:24:30 +01:00
edac EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info 2023-02-01 08:34:40 +01:00
eisa
extcon extcon: usbc-tusb320: Update state on probe even if no IRQ pending 2022-12-31 13:32:39 +01:00
firewire firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region 2023-02-09 11:27:59 +01:00
firmware firmware: arm_scmi: Clear stale xfer->hdr.status 2023-02-06 08:06:31 +01:00
fpga
fsi use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
gnss
gpio gpiolib-acpi: Don't set GPIOs for wakeup in S3 mode 2023-02-06 08:06:34 +01:00
gpu drm/i915/adlp: Fix typo for reference clock 2023-02-09 11:28:07 +01:00
greybus
hid HID: playstation: sanity check DualSense calibration data. 2023-02-06 08:06:33 +01:00
hsi HSI: omap_ssi_core: Fix error handling in ssi_init() 2022-12-31 13:32:45 +01:00
hte
hv video: hyperv_fb: Avoid taking busy spinlock on panic path 2022-12-31 13:32:56 +01:00
hwmon hwmon: (jc42) Fix missing unlock on error in jc42_write() 2022-12-31 13:33:06 +01:00
hwspinlock
hwtracing coresight: cti: Fix null pointer error on CTI init before ETM 2022-12-31 13:32:41 +01:00
i2c i2c: designware: Fix unbalanced suspended flag 2023-02-01 08:34:42 +01:00
i3c
idle
iio iio: addac: ad74413r: fix integer promotion bug in ad74413_get_input_current_offset() 2022-12-31 13:33:10 +01:00
infiniband use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
input Input: i8042 - add Clevo PCX0DX to i8042 quirk table 2023-02-01 08:34:50 +01:00
interconnect interconnect: qcom: msm8996: Fix regmap max_register values 2023-02-01 08:34:06 +01:00
iommu iommu/arm-smmu: Report IOMMU_CAP_CACHE_COHERENCY even betterer 2023-01-18 11:58:21 +01:00
ipack
irqchip irqchip/loongson-liointc: Fix improper error handling in liointc_init() 2022-12-31 13:31:57 +01:00
isdn use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
leds leds: is31fl319x: Fix setting current limit for is31fl319{0,1,3} 2022-12-31 13:32:45 +01:00
macintosh macintosh/macio-adb: check the return value of ioremap() 2022-12-31 13:32:50 +01:00
mailbox mailbox: zynq-ipi: fix error handling while device_register() fails 2022-12-31 13:32:55 +01:00
mcb mcb: mcb-parse: fix error handing in chameleon_parse_gdd() 2022-12-31 13:32:41 +01:00
md block: handle bio_split_to_limits() NULL return 2023-01-18 11:58:33 +01:00
media media: v4l2-ctrls-api.c: move ctrl->is_new = 1 to the correct line 2023-02-09 11:28:01 +01:00
memory memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() 2023-02-01 08:34:02 +01:00
memstick memstick/ms_block: Add check for alloc_ordered_workqueue 2022-12-31 13:32:25 +01:00
message
mfd mfd: mt6360: Add bounds checking in Regmap read/write call-backs 2023-01-04 11:29:01 +01:00
misc use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
mmc mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting 2023-01-24 07:24:35 +01:00
most
mtd mtd: cfi: allow building spi-intel standalone 2023-01-18 11:58:24 +01:00
mux
net net: wwan: t7xx: Fix Runtime PM initialization 2023-02-09 11:28:05 +01:00
nfc nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() 2023-01-18 11:58:26 +01:00
ntb
nubus
nvdimm
nvme use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
nvmem
of of: fdt: Honor CONFIG_CMDLINE* even without /chosen node, take 2 2023-01-24 07:24:32 +01:00
opp
parisc parisc: led: Fix potential null-ptr-deref in start_task() 2023-01-07 11:11:55 +01:00
parport
pci PCI/sysfs: Fix double free in error path 2023-01-07 11:11:53 +01:00
pcmcia
peci
perf Partially revert "perf/arm-cmn: Optimise DTC counter accesses" 2023-02-01 08:34:49 +01:00
phy phy: phy-can-transceiver: Skip warning if no "max-bitrate" 2023-02-01 08:34:25 +01:00
pinctrl pinctrl: rockchip: fix mux route data for rk3568 2023-02-01 08:34:20 +01:00
platform platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 2023-02-09 11:28:07 +01:00
pnp PNP: fix name memory leak in pnp_alloc_dev() 2022-12-31 13:31:56 +01:00
power power: supply: fix null pointer dereferencing in power_supply_get_battery_info 2022-12-31 13:32:45 +01:00
powercap
pps
ps3
ptp
pwm pwm: tegra: Fix 32 bit build 2022-12-31 13:33:12 +01:00
rapidio rapidio: devices: fix missing put_device in mport_cdev_open 2022-12-31 13:32:00 +01:00
ras
regulator regulator: da9211: Use irq handler when ready 2023-01-18 11:58:22 +01:00
remoteproc remoteproc: imx_rproc: Correct i.MX93 DRAM mapping 2023-01-07 11:11:55 +01:00
reset reset: uniphier-glue: Fix possible null-ptr-deref 2023-02-01 08:34:05 +01:00
rpmsg
rtc rtc: ds1347: fix value written to century register 2023-01-07 11:11:50 +01:00
s390 use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
sbus
scsi use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
sh
siox
slimbus
soc PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() 2023-02-01 08:34:08 +01:00
soundwire soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 2023-01-04 11:28:56 +01:00
spi spi: spidev: remove debug messages that access spidev->spi without locking 2023-02-01 08:34:32 +01:00
spmi
ssb
staging staging: vchiq_arm: fix enum vchiq_status return types 2023-01-24 07:24:35 +01:00
target use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
tc
tee
thermal thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type() 2023-02-01 08:34:48 +01:00
thunderbolt thunderbolt: Do not call PM runtime functions in tb_retimer_scan() 2023-01-24 07:24:37 +01:00
tty serial: exar: Add support for Sealevel 7xxxC serial cards 2023-01-24 07:24:39 +01:00
ufs scsi: ufs: core: Fix devfreq deadlocks 2023-02-01 08:34:39 +01:00
uio uio: uio_dmem_genirq: Fix deadlock between irq config and handling 2022-12-31 13:32:38 +01:00
usb use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
vdpa vdpa_sim_net: should not drop the multicast/broadcast packet 2023-01-24 07:24:31 +01:00
vfio vfio/type1: Respect IOMMU reserved regions in vfio_test_domain_fgsp() 2023-02-01 08:34:36 +01:00
vhost vhost-scsi: unbreak any layout for response 2023-02-09 11:28:04 +01:00
video fbdev: omapfb: avoid stack overflow warning 2023-01-24 07:24:32 +01:00
virt virt/sev-guest: Add a MODULE_ALIAS 2022-12-31 13:32:09 +01:00
virtio virtio_pci: modify ENOENT to EINVAL 2023-01-24 07:24:31 +01:00
vlynq
w1 w1: fix WARNING after calling w1_process() 2023-02-01 08:34:26 +01:00
watchdog watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running 2022-12-31 13:32:44 +01:00
xen use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
zorro
Kconfig
Makefile