linux-stable/block
Laibin Qiu 0cfc8a0fb0 blk-throttle: Set BIO_THROTTLED when bio has been throttled
[ Upstream commit 5a011f889b ]

1. In the current process, all bios will set the BIO_THROTTLED flag
after __blk_throtl_bio().

2. If the bio needs to be throttled, it will start the timer and
stop submitting the bio directly. The bio will be submitted in
blk_throtl_dispatch_work_fn() when the timer expires. But in
the current process, if the bio is throttled, BIO_THROTTLED
will be set on the bio after the timer starts. If the bio has been
completed, it may cause the use-after-free below.

BUG: KASAN: use-after-free in blk_throtl_bio+0x12f0/0x2c70
Read of size 2 at addr ffff88801b8902d4 by task fio/26380

 dump_stack+0x9b/0xce
 print_address_description.constprop.6+0x3e/0x60
 kasan_report.cold.9+0x22/0x3a
 blk_throtl_bio+0x12f0/0x2c70
 submit_bio_checks+0x701/0x1550
 submit_bio_noacct+0x83/0xc80
 submit_bio+0xa7/0x330
 mpage_readahead+0x380/0x500
 read_pages+0x1c1/0xbf0
 page_cache_ra_unbounded+0x471/0x6f0
 do_page_cache_ra+0xda/0x110
 ondemand_readahead+0x442/0xae0
 page_cache_async_ra+0x210/0x300
 generic_file_buffered_read+0x4d9/0x2130
 generic_file_read_iter+0x315/0x490
 blkdev_read_iter+0x113/0x1b0
 aio_read+0x2ad/0x450
 io_submit_one+0xc8e/0x1d60
 __se_sys_io_submit+0x125/0x350
 do_syscall_64+0x2d/0x40
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Allocated by task 26380:
 kasan_save_stack+0x19/0x40
 __kasan_kmalloc.constprop.2+0xc1/0xd0
 kmem_cache_alloc+0x146/0x440
 mempool_alloc+0x125/0x2f0
 bio_alloc_bioset+0x353/0x590
 mpage_alloc+0x3b/0x240
 do_mpage_readpage+0xddf/0x1ef0
 mpage_readahead+0x264/0x500
 read_pages+0x1c1/0xbf0
 page_cache_ra_unbounded+0x471/0x6f0
 do_page_cache_ra+0xda/0x110
 ondemand_readahead+0x442/0xae0
 page_cache_async_ra+0x210/0x300
 generic_file_buffered_read+0x4d9/0x2130
 generic_file_read_iter+0x315/0x490
 blkdev_read_iter+0x113/0x1b0
 aio_read+0x2ad/0x450
 io_submit_one+0xc8e/0x1d60
 __se_sys_io_submit+0x125/0x350
 do_syscall_64+0x2d/0x40
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Freed by task 0:
 kasan_save_stack+0x19/0x40
 kasan_set_track+0x1c/0x30
 kasan_set_free_info+0x1b/0x30
 __kasan_slab_free+0x111/0x160
 kmem_cache_free+0x94/0x460
 mempool_free+0xd6/0x320
 bio_free+0xe0/0x130
 bio_put+0xab/0xe0
 bio_endio+0x3a6/0x5d0
 blk_update_request+0x590/0x1370
 scsi_end_request+0x7d/0x400
 scsi_io_completion+0x1aa/0xe50
 scsi_softirq_done+0x11b/0x240
 blk_mq_complete_request+0xd4/0x120
 scsi_mq_done+0xf0/0x200
 virtscsi_vq_done+0xbc/0x150
 vring_interrupt+0x179/0x390
 __handle_irq_event_percpu+0xf7/0x490
 handle_irq_event_percpu+0x7b/0x160
 handle_irq_event+0xcc/0x170
 handle_edge_irq+0x215/0xb20
 common_interrupt+0x60/0x120
 asm_common_interrupt+0x1e/0x40

Fix this by moving the BIO_THROTTLED set into the queue_lock.

Signed-off-by: Laibin Qiu <qiulaibin@huawei.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20220301123919.2381579-1-qiulaibin@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-06-09 10:25:29 +02:00
partitions block: remove GENHD_FL_EXT_DEVT 2021-11-29 06:38:35 -07:00
badblocks.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
bdev.c mm: remove cleancache 2022-01-22 08:33:38 +02:00
bfq-cgroup.c block, bfq: don't move oom_bfqq 2022-04-08 13:58:36 +02:00
bfq-iosched.c bfq: Fix warning in bfqq_request_over_limit() 2022-05-09 09:16:29 +02:00
bfq-iosched.h bfq: Provide helper to generate bfqq name 2021-11-29 06:38:52 -07:00
bfq-wf2q.c block/bfq_wf2q: correct weight to ioprio 2022-04-08 13:58:36 +02:00
bio-integrity.c block: bio-integrity: Advance seed correctly for larger interval sizes 2022-02-03 21:09:24 -07:00
bio.c block: fix offset/size check in bio_trim() 2022-04-20 09:36:18 +02:00
blk-cgroup-rwstat.c blk-cgroup: Fix the recursive blkg rwstat 2021-03-05 11:32:15 -07:00
blk-cgroup-rwstat.h blk-cgroup: separate out blkg_rwstat under CONFIG_BLK_CGROUP_RWSTAT 2019-11-07 12:28:13 -07:00
blk-cgroup.c blk-cgroup: set blkg iostat after percpu stat aggregation 2022-04-08 13:57:34 +02:00
blk-core.c block: release rq qos structures for queue without disk 2022-03-14 14:05:41 -06:00
blk-crypto-fallback.c blk-crypto: rename blk_keyslot_manager to blk_crypto_profile 2021-10-21 10:49:32 -06:00
blk-crypto-internal.h block: move struct request to blk-mq.h 2021-10-18 06:17:02 -06:00
blk-crypto-profile.c blk-crypto: remove blk_crypto_unregister() 2021-11-29 06:38:51 -07:00
blk-crypto.c blk-crypto: rename blk_keyslot_manager to blk_crypto_profile 2021-10-21 10:49:32 -06:00
blk-flush.c block: switch to atomic_t for request references 2021-12-03 14:51:29 -07:00
blk-ia-ranges.c block: fix memory leak in disk_register_independent_access_ranges 2022-01-23 09:13:09 -07:00
blk-integrity.c blk-crypto: remove blk_crypto_unregister() 2021-11-29 06:38:51 -07:00
blk-ioc.c block: restore the old set_task_ioprio() behaviour wrt PF_EXITING 2022-04-08 13:58:57 +02:00
blk-iocost.c iocost: don't reset the inuse weight of under-weighted debtors 2022-05-09 09:16:16 +02:00
blk-iolatency.c block: fix rq-qos breakage from skipping rq_qos_done_bio() 2022-04-08 13:57:26 +02:00
blk-ioprio.c blk-ioprio: don't set bio priority if not needed 2021-11-29 06:38:35 -07:00
blk-ioprio.h block: Introduce the ioprio rq-qos policy 2021-06-21 15:03:40 -06:00
blk-lib.c block: export blk_next_bio() 2021-06-17 15:51:20 +02:00
blk-map.c block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern 2022-02-17 07:54:03 -07:00
blk-merge.c block: throttle split bio in case of iops limit 2022-04-08 13:58:36 +02:00
blk-mq-cpumap.c blk-mq: remove the calling of local_memory_node() 2020-10-20 07:08:17 -06:00
blk-mq-debugfs-zoned.c
blk-mq-debugfs.c blk-mq: check q->poll_stat in queue_poll_stat_show 2021-12-02 08:20:49 -07:00
blk-mq-debugfs.h
blk-mq-pci.c
blk-mq-rdma.c
blk-mq-sched.c block: limit request dispatch loop duration 2022-04-08 13:57:26 +02:00
blk-mq-sched.h block: move blk_mq_sched_assign_ioc to blk-ioc.c 2021-11-29 06:41:29 -07:00
blk-mq-sysfs.c blk-mq: move srcu from blk_mq_hw_ctx to request_queue 2021-12-03 14:51:29 -07:00
blk-mq-tag.c blk-mq: fix tag_get wait task can't be awakened 2022-01-13 12:52:14 -07:00
blk-mq-tag.h blk-mq: Delete busy_iter_fn 2021-12-06 13:18:47 -07:00
blk-mq-virtio.c blk-mq: Fix typo in comment 2020-03-17 20:55:21 +01:00
blk-mq.c Revert "block: inherit request start time from bio for BLK_CGROUP" 2022-05-09 09:16:29 +02:00
blk-mq.h blk-mq: don't run might_sleep() if the operation needn't blocking 2021-12-06 09:40:42 -07:00
blk-pm.c scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume() 2021-12-22 23:38:29 -05:00
blk-pm.h block: Remove unused blk_pm_*() function definitions 2021-02-22 06:33:48 -07:00
blk-rq-qos.c rq-qos: fix missed wake-ups in rq_qos_throttle try two 2021-06-08 15:12:57 -06:00
blk-rq-qos.h block: fix rq-qos breakage from skipping rq_qos_done_bio() 2022-04-08 13:57:26 +02:00
blk-settings.c block: Fix partition check for host-aware zoned block devices 2021-10-27 06:58:01 -06:00
blk-stat.c block: make queue stat accounting a reference 2021-12-14 17:23:05 -07:00
blk-stat.h block: make queue stat accounting a reference 2021-12-14 17:23:05 -07:00
blk-sysfs.c block: don't delete queue kobject before its children 2022-04-08 13:57:35 +02:00
blk-throttle.c blk-throttle: Set BIO_THROTTLED when bio has been throttled 2022-06-09 10:25:29 +02:00
blk-throttle.h block: throttle split bio in case of iops limit 2022-04-08 13:58:36 +02:00
blk-timeout.c block: blk-timeout: delete duplicated word 2020-07-31 16:29:47 -06:00
blk-wbt.c blk-wbt: prevent NULL pointer dereference in wb_timer_fn 2021-10-19 06:13:41 -06:00
blk-wbt.h blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() 2021-06-21 15:03:41 -06:00
blk-zoned.c block: Hold invalidate_lock in BLKRESETZONE ioctl 2021-11-11 11:52:46 -07:00
blk.h block: only build the icq tracking code when needed 2021-12-16 10:59:02 -07:00
bounce.c mm: don't include <linux/blk-cgroup.h> in <linux/backing-dev.h> 2021-10-18 06:17:01 -06:00
bsg-lib.c block: remove the gendisk argument to blk_execute_rq 2021-11-29 06:41:29 -07:00
bsg.c scsi: bsg: Fix device unregistration 2021-09-14 00:22:15 -04:00
disk-events.c block: return errors from disk_alloc_events 2021-08-23 12:55:45 -06:00
elevator.c block/wbt: fix negative inflight counter when remove scsi device 2022-02-17 07:54:03 -07:00
elevator.h block: move elevator.h to block/ 2021-10-18 06:17:01 -06:00
fops.c block: clear iocb->private in blkdev_bio_end_io_async() 2022-02-22 06:59:49 -07:00
genhd.c block: Fix the maximum minor value is blk_alloc_ext_minor() 2022-04-08 13:58:57 +02:00
holder.c block: drop unused includes in <linux/genhd.h> 2021-10-18 06:17:02 -06:00
ioctl.c block/compat_ioctl: fix range check in BLKGETSIZE 2022-04-27 14:40:54 +02:00
ioprio.c for-5.17/block-2022-01-11 2022-01-12 10:26:52 -08:00
Kconfig block: only build the icq tracking code when needed 2021-12-16 10:59:02 -07:00
Kconfig.iosched block: only build the icq tracking code when needed 2021-12-16 10:59:02 -07:00
kyber-iosched.c block: make queue stat accounting a reference 2021-12-14 17:23:05 -07:00
Makefile block: remove blk-exec.c 2021-11-29 06:34:50 -07:00
mq-deadline.c block/mq-deadline: Set the fifo_time member also if inserting at head 2022-05-25 09:59:06 +02:00
opal_proto.h block: sed-opal: Change the check condition for regular session validity 2020-03-12 08:00:10 -06:00
sed-opal.c block: sed-opal: Change the check condition for regular session validity 2020-03-12 08:00:10 -06:00
t10-pi.c block: move integrity handling out of <linux/blkdev.h> 2021-10-18 06:17:02 -06:00