mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-25 03:46:17 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers
History
Yuan Can 55b3c66a0d floppy: Fix memory leak in do_floppy_init() 
commit f8ace2e304 upstream.

A memory leak was reported when floppy_alloc_disk() failed in
do_floppy_init().

unreferenced object 0xffff888115ed25a0 (size 8):
  comm "modprobe", pid 727, jiffies 4295051278 (age 25.529s)
  hex dump (first 8 bytes):
    00 ac 67 5b 81 88 ff ff                          ..g[....
  backtrace:
    [<000000007f457abb>] __kmalloc_node+0x4c/0xc0
    [<00000000a87bfa9e>] blk_mq_realloc_tag_set_tags.part.0+0x6f/0x180
    [<000000006f02e8b1>] blk_mq_alloc_tag_set+0x573/0x1130
    [<0000000066007fd7>] 0xffffffffc06b8b08
    [<0000000081f5ac40>] do_one_initcall+0xd0/0x4f0
    [<00000000e26d04ee>] do_init_module+0x1a4/0x680
    [<000000001bb22407>] load_module+0x6249/0x7110
    [<00000000ad31ac4d>] __do_sys_finit_module+0x140/0x200
    [<000000007bddca46>] do_syscall_64+0x35/0x80
    [<00000000b5afec39>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
unreferenced object 0xffff88810fc30540 (size 32):
  comm "modprobe", pid 727, jiffies 4295051278 (age 25.529s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000007f457abb>] __kmalloc_node+0x4c/0xc0
    [<000000006b91eab4>] blk_mq_alloc_tag_set+0x393/0x1130
    [<0000000066007fd7>] 0xffffffffc06b8b08
    [<0000000081f5ac40>] do_one_initcall+0xd0/0x4f0
    [<00000000e26d04ee>] do_init_module+0x1a4/0x680
    [<000000001bb22407>] load_module+0x6249/0x7110
    [<00000000ad31ac4d>] __do_sys_finit_module+0x140/0x200
    [<000000007bddca46>] do_syscall_64+0x35/0x80
    [<00000000b5afec39>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

If the floppy_alloc_disk() failed, disks of current drive will not be set,
thus the lastest allocated set->tag cannot be freed in the error handling
path. A simple call graph shown as below:

 floppy_module_init()
   floppy_init()
     do_floppy_init()
       for (drive = 0; drive < N_DRIVE; drive++)
         blk_mq_alloc_tag_set()
           blk_mq_alloc_tag_set_tags()
             blk_mq_realloc_tag_set_tags() # set->tag allocated
         floppy_alloc_disk()
           blk_mq_alloc_disk() # error occurred, disks failed to allocated

       ->out_put_disk:
       for (drive = 0; drive < N_DRIVE; drive++)
         if (!disks[drive][0]) # the last disks is not set and loop break
           break;
         blk_mq_free_tag_set() # the latest allocated set->tag leaked

Fix this problem by free the set->tag of current drive before jump to
error handling path.

Cc: stable@vger.kernel.org
Fixes: 302cfee150 ("floppy: use a separate gendisk for each media format")
Signed-off-by: Yuan Can <yuancan@huawei.com>
[efremov: added stable list, changed title]
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-12-31 13:33:11 +01:00
..
accessibility speakup: replace utils' u_char with unsigned char 2022-11-09 15:25:24 +01:00
acpi ACPI: x86: Add skip i2c clients quirk for Medion Lifetab S10346 2022-12-31 13:32:58 +01:00
amba
android binder: validate alloc->mm in ->mmap() handler 2022-11-09 15:41:27 +01:00
ata ata: libata: fix NCQ autosense logic 2022-12-31 13:32:02 +01:00
atm
auxdisplay
base class: fix possible memory leak in __class_register() 2022-12-31 13:32:38 +01:00
bcma Interrupt subsystem updates: 2022-10-12 10:23:24 -07:00
block floppy: Fix memory leak in do_floppy_init() 2022-12-31 13:33:11 +01:00
bluetooth Bluetooth: hci_bcm: Add CYW4373A0 support 2022-12-31 13:33:05 +01:00
bus bus: ixp4xx: Don't touch bit 7 on IXP42x 2022-11-22 23:12:18 +01:00
cdrom
char ipmi: fix memleak when unload ipmi driver 2022-12-31 13:32:59 +01:00
clk clk: imx: imx8mp: add shared clk gate for usb suspend clk 2022-12-31 13:33:09 +01:00
clocksource clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() 2022-12-31 13:31:59 +01:00
comedi
connector
counter counter: stm32-lptimer-cnt: fix the check on arr and cmp registers update 2022-12-31 13:32:41 +01:00
cpufreq cpufreq: amd_freq_sensitivity: Add missing pci_dev_put() 2022-12-31 13:31:58 +01:00
cpuidle cpuidle: dt: Return the correct numbers of parsed idle states 2022-12-31 13:31:55 +01:00
crypto crypto: hisilicon/qm - increase the memory of local variables 2022-12-31 13:33:05 +01:00
cxl cxl/region: Recycle region ids 2022-11-04 16:03:43 -07:00
dax device-dax: Fix duplicate 'hmem' device registration 2022-11-21 15:34:40 -08:00
dca
devfreq
dio drivers: dio: fix possible memory leak in dio_init() 2022-12-31 13:32:38 +01:00
dma dmaengine: idxd: Make read buffer sysfs attributes invisible for Intel IAA 2022-12-31 13:32:47 +01:00
dma-buf dma-buf: fix racing conflict of dma_heap_add() 2022-11-22 18:27:56 +05:30
edac EDAC/i10nm: fix refcount leak in pci_get_dev_wrapper() 2022-12-31 13:31:57 +01:00
eisa
extcon extcon: usbc-tusb320: Update state on probe even if no IRQ pending 2022-12-31 13:32:39 +01:00
firewire
firmware firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() 2022-12-31 13:32:40 +01:00
fpga fpga: m10bmc-sec: Fix kconfig dependencies 2022-11-15 21:46:58 +08:00
fsi
gnss
gpio gpiolib: protect the GPIO device against being dropped while in use by user-space 2022-12-31 13:32:42 +01:00
gpu drm/amd/pm: avoid large variable on kernel stack 2022-12-31 13:33:07 +01:00
greybus
hid HID: mcp2221: don't connect hidraw 2022-12-31 13:33:10 +01:00
hsi HSI: omap_ssi_core: Fix error handling in ssi_init() 2022-12-31 13:32:45 +01:00
hte
hv video: hyperv_fb: Avoid taking busy spinlock on panic path 2022-12-31 13:32:56 +01:00
hwmon hwmon: (jc42) Fix missing unlock on error in jc42_write() 2022-12-31 13:33:06 +01:00
hwspinlock
hwtracing coresight: cti: Fix null pointer error on CTI init before ETM 2022-12-31 13:32:41 +01:00
i2c i2c: ismt: Fix an out-of-bounds bug in ismt_access() 2022-12-31 13:32:42 +01:00
i3c i3c: master: Remove the wrong place of reattach. 2022-10-12 23:45:29 +02:00
idle
iio iio: addac: ad74413r: fix integer promotion bug in ad74413_get_input_current_offset() 2022-12-31 13:33:10 +01:00
infiniband RDMA/siw: Fix pointer cast warning 2022-12-31 13:32:45 +01:00
input Input: iqs7222 - add support for IQS7222A v1.13+ 2022-12-31 13:33:08 +01:00
interconnect interconnect: qcom: sc7180: fix dropped const of qcom_icc_bcm 2022-12-31 13:32:39 +01:00
iommu iommu/mediatek: Fix forever loop in error handling 2022-12-31 13:32:53 +01:00
ipack
irqchip irqchip/loongson-liointc: Fix improper error handling in liointc_init() 2022-12-31 13:31:57 +01:00
isdn mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() 2022-12-31 13:32:53 +01:00
leds leds: is31fl319x: Fix setting current limit for is31fl319{0,1,3} 2022-12-31 13:32:45 +01:00
macintosh macintosh/macio-adb: check the return value of ioremap() 2022-12-31 13:32:50 +01:00
mailbox mailbox: zynq-ipi: fix error handling while device_register() fails 2022-12-31 13:32:55 +01:00
mcb mcb: mcb-parse: fix error handing in chameleon_parse_gdd() 2022-12-31 13:32:41 +01:00
md md/raid1: stop mdx_raid1 thread when raid1 array run failed 2022-12-31 13:33:02 +01:00
media media: si470x: Fix use-after-free in si470x_int_in_callback() 2022-12-31 13:33:04 +01:00
memory memory: renesas-rpc-if: Clear HS bit during hardware initialization 2022-12-31 13:31:48 +01:00
memstick memstick/ms_block: Add check for alloc_ordered_workqueue 2022-12-31 13:32:25 +01:00
message
mfd mfd: pm8008: Fix return value check in pm8008_probe() 2022-12-31 13:32:52 +01:00
misc lkdtm: cfi: Make PAC test work with GCC 7 and 8 2022-12-31 13:33:07 +01:00
mmc mmc: sdhci-tegra: Issue CMD and DAT resets together 2022-12-31 13:33:04 +01:00
most
mtd mtd: maps: pxa2xx-flash: fix memory leak in probe 2022-12-31 13:32:15 +01:00
mux
net ice: synchronize the misc IRQ when tearing down Tx tracker 2022-12-31 13:33:04 +01:00
nfc nfc: pn533: Clear nfc_target before being used 2022-12-31 13:32:54 +01:00
ntb
nubus
nvdimm libnvdimm for 6.1 2022-10-14 18:41:41 -07:00
nvme nvme-auth: don't override ctrl keys before validation 2022-12-31 13:33:02 +01:00
nvmem nvmem: lan9662-otp: Change return type of lan9662_otp_wait_flag_clear() 2022-11-22 18:22:05 +01:00
of of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop() 2022-12-31 13:32:26 +01:00
opp
parisc parisc: Export iosapic_serial_irq() symbol for serial port driver 2022-10-27 09:12:05 +02:00
parport parport_pc: Avoid FIFO port location truncation 2022-11-09 15:40:32 +01:00
pci Revert "PCI: Clear PCI_STATUS when setting up device" 2022-12-31 13:33:05 +01:00
pcmcia
peci
perf drivers/perf: hisi: Fix some event id for hisi-pcie-pmu 2022-12-31 13:31:53 +01:00
phy phy: qcom-qmp-pcie: Fix sm8450_qmp_gen4x2_pcie_pcs_tbl[] register names 2022-12-31 13:32:48 +01:00
pinctrl pinctrl: thunderbay: fix possible memory leak in thunderbay_build_functions() 2022-12-31 13:32:23 +01:00
platform regulator: core: Use different devices for resource allocation and DT lookup 2022-12-31 13:33:04 +01:00
pnp PNP: fix name memory leak in pnp_alloc_dev() 2022-12-31 13:31:56 +01:00
power power: supply: fix null pointer dereferencing in power_supply_get_battery_info 2022-12-31 13:32:45 +01:00
powercap Scheduler changes for v6.1: 2022-10-10 09:10:28 -07:00
pps
ps3
ptp ] ptp: ocp: remove symlink for second GNSS 2022-10-10 08:37:24 +01:00
pwm pwm: mediatek: always use bus clock for PWM on MT7622 2022-12-31 13:32:51 +01:00
rapidio rapidio: devices: fix missing put_device in mport_cdev_open 2022-12-31 13:32:00 +01:00
ras
regulator regulator: core: fix deadlock on regulator enable 2022-12-31 13:33:10 +01:00
remoteproc remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() 2022-12-31 13:32:52 +01:00
reset
rpmsg
rtc rtc: mxc_v2: Add missing clk_disable_unprepare() 2022-12-31 13:32:55 +01:00
s390 s390/lcs: Fix return type of lcs_start_xmit() 2022-12-31 13:33:01 +01:00
sbus
scsi scsi: smartpqi: Correct device removal for multi-actuator devices 2022-12-31 13:33:06 +01:00
sh
siox siox: fix possible memory leak in siox_device_add() 2022-11-09 15:40:14 +01:00
slimbus slimbus: qcom-ngd: Fix build error when CONFIG_SLIM_QCOM_NGD_CTRL=y && CONFIG_QCOM_RPROC_COMMON=m 2022-11-10 18:45:40 +01:00
soc soc: mediatek: pm-domains: Fix the power glitch issue 2022-12-31 13:32:55 +01:00
soundwire soundwire: qcom: check for outanding writes before doing a read 2022-10-28 17:00:38 +05:30
spi spi: fsl_spi: Don't change speed while chipselect is active 2022-12-31 13:33:11 +01:00
spmi
ssb
staging vme: Fix error not catched in fake_init() 2022-12-31 13:32:42 +01:00
target scsi: target: iscsi: Fix a race condition between login_work and the login thread 2022-12-31 13:33:06 +01:00
tc
tee tee: optee: fix possible memory leak in optee_register_device() 2022-11-17 09:22:12 +01:00
thermal thermal/core: Ensure that thermal device is registered in thermal_zone_get_temp 2022-12-31 13:32:57 +01:00
thunderbolt treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
tty serial: sunsab: Fix error handling in sunsab_init() 2022-12-31 13:32:40 +01:00
ufs scsi: ufs: Reduce the START STOP UNIT timeout 2022-12-31 13:33:05 +01:00
uio uio: uio_dmem_genirq: Fix deadlock between irq config and handling 2022-12-31 13:32:38 +01:00
usb xhci: Prevent infinite loop in transaction errors recovery for streams 2022-12-31 13:33:10 +01:00
vdpa virtio: fixes, features 2022-10-10 14:02:53 -07:00
vfio vfio/iova_bitmap: refactor iova_bitmap_set() to better handle page boundaries 2022-12-31 13:32:41 +01:00
vhost virtio: fixes, features 2022-10-10 14:02:53 -07:00
video video: hyperv_fb: Avoid taking busy spinlock on panic path 2022-12-31 13:32:56 +01:00
virt virt/sev-guest: Add a MODULE_ALIAS 2022-12-31 13:32:09 +01:00
virtio virtio_pci: use irq to detect interrupt support 2022-10-13 09:33:03 -04:00
vlynq
w1
watchdog watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running 2022-12-31 13:32:44 +01:00
xen xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() 2022-12-31 13:31:59 +01:00
zorro
Kconfig
Makefile