linux-stable/block
Li Jinlin 884f0e84f1 blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
The pending timer has been set up in blk_throtl_init(). However, the
timer is not deleted in blk_throtl_exit(). This means that the timer
handler may still be running after freeing the timer, which would
result in a use-after-free.

Fix by calling del_timer_sync() to delete the timer in blk_throtl_exit().

Signed-off-by: Li Jinlin <lijinlin3@huawei.com>
Link: https://lore.kernel.org/r/20210907121242.2885564-1-lijinlin3@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-09-07 08:36:56 -06:00
..
partitions for-5.15/block-2021-08-30 2021-08-30 18:52:11 -07:00
badblocks.c
bfq-cgroup.c block, bfq: merge bursts of newly-created queues 2021-03-25 10:50:07 -06:00
bfq-iosched.c block, bfq: honor already-setup queue merges 2021-09-02 06:36:58 -06:00
bfq-iosched.h block, bfq: cleanup the repeated declaration 2021-08-25 06:45:33 -06:00
bfq-wf2q.c block: Introduce IOPRIO_NR_LEVELS 2021-08-18 07:21:12 -06:00
bio-integrity.c block: use bvec_virt in bio_integrity_{process,free} 2021-08-16 10:50:32 -06:00
bio.c bio: fix kerneldoc documentation for bio_alloc_kiocb() 2021-09-03 07:42:13 -06:00
blk-cgroup-rwstat.c blk-cgroup: Fix the recursive blkg rwstat 2021-03-05 11:32:15 -07:00
blk-cgroup-rwstat.h
blk-cgroup.c for-5.15/block-2021-08-30 2021-08-30 18:52:11 -07:00
blk-core.c io_uring-bio-cache.5-2021-08-30 2021-08-30 19:30:30 -07:00
blk-crypto-fallback.c block: rename BIO_MAX_PAGES to BIO_MAX_VECS 2021-03-11 07:47:48 -07:00
blk-crypto-internal.h
blk-crypto.c blk-crypto: fix check for too-large dun_bytes 2021-08-25 06:45:00 -06:00
blk-exec.c block: return errors from blk_execute_rq() 2021-06-30 15:35:45 -06:00
blk-flush.c blk-mq: fix is_flush_rq 2021-08-17 20:17:34 -06:00
blk-integrity.c block: return errors from blk_integrity_add 2021-08-23 12:55:45 -06:00
blk-ioc.c
blk-iocost.c for-5.15/block-2021-08-30 2021-08-30 18:52:11 -07:00
blk-iolatency.c for-5.15/block-2021-08-30 2021-08-30 18:52:11 -07:00
blk-ioprio.c block: Introduce the ioprio rq-qos policy 2021-06-21 15:03:40 -06:00
blk-ioprio.h block: Introduce the ioprio rq-qos policy 2021-06-21 15:03:40 -06:00
blk-lib.c block: export blk_next_bio() 2021-06-17 15:51:20 +02:00
blk-map.c block: use memcpy_from_bvec in bio_copy_kern_endio_read 2021-08-02 13:37:28 -06:00
blk-merge.c io_uring-bio-cache.5-2021-08-30 2021-08-30 19:30:30 -07:00
blk-mq-cpumap.c blk-mq: remove the calling of local_memory_node() 2020-10-20 07:08:17 -06:00
blk-mq-debugfs-zoned.c
blk-mq-debugfs.c block: Introduce the ioprio rq-qos policy 2021-06-21 15:03:40 -06:00
blk-mq-debugfs.h
blk-mq-pci.c
blk-mq-rdma.c
blk-mq-sched.c blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling 2021-07-27 16:44:38 -06:00
blk-mq-sched.h blk: Fix lock inversion between ioc lock and bfqd lock 2021-06-24 18:43:55 -06:00
blk-mq-sysfs.c block: remove blk-mq-sysfs dead code 2021-08-02 13:37:29 -06:00
blk-mq-tag.c blk-mq: Use request queue-wide tags for tagset-wide sbitmap 2021-05-24 06:47:22 -06:00
blk-mq-tag.h blk-mq: Some tag allocation code refactoring 2021-05-24 06:47:22 -06:00
blk-mq-virtio.c
blk-mq.c for-5.15/block-2021-08-30 2021-08-30 18:52:11 -07:00
blk-mq.h blk: Fix lock inversion between ioc lock and bfqd lock 2021-06-24 18:43:55 -06:00
blk-pm.c scsi: block: Fix a race in the runtime power management code 2020-12-09 11:41:41 -05:00
blk-pm.h block: Remove unused blk_pm_*() function definitions 2021-02-22 06:33:48 -07:00
blk-rq-qos.c rq-qos: fix missed wake-ups in rq_qos_throttle try two 2021-06-08 15:12:57 -06:00
blk-rq-qos.h block: Introduce the ioprio rq-qos policy 2021-06-21 15:03:40 -06:00
blk-settings.c block: add an explicit ->disk backpointer to the request_queue 2021-08-23 12:54:31 -06:00
blk-stat.c
blk-stat.h
blk-sysfs.c block: call blk_register_queue earlier in device_add_disk 2021-08-23 12:55:45 -06:00
blk-throttle.c blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() 2021-09-07 08:36:56 -06:00
blk-timeout.c
blk-wbt.c block: add an explicit ->disk backpointer to the request_queue 2021-08-23 12:54:31 -06:00
blk-wbt.h blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() 2021-06-21 15:03:41 -06:00
blk-zoned.c blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN 2021-08-24 10:12:36 -06:00
blk.h io_uring-bio-cache.5-2021-08-30 2021-08-30 19:30:30 -07:00
bounce.c block: use memcpy_from_bvec in __blk_queue_bounce 2021-08-02 13:37:28 -06:00
bsg-lib.c block-5.14-2021-07-08 2021-07-09 12:05:33 -07:00
bsg.c block-5.14-2021-07-08 2021-07-09 12:05:33 -07:00
disk-events.c block: return errors from disk_alloc_events 2021-08-23 12:55:45 -06:00
elevator.c block: return ELEVATOR_DISCARD_MERGE if possible 2021-08-09 14:37:47 -06:00
genhd.c block: genhd: don't call blkdev_show() with major_names_lock held 2021-09-07 08:36:21 -06:00
holder.c block: add back the bd_holder_dir reference in bd_link_disk_holder 2021-08-20 21:14:26 -06:00
ioctl.c block: pass a gendisk to bdev_resize_partition 2021-08-12 10:31:36 -06:00
ioprio.c block: fix default IO priority handling 2021-08-18 07:23:15 -06:00
Kconfig block: make the block holder code optional 2021-08-09 11:50:42 -06:00
Kconfig.iosched Revert "block/mq-deadline: Add cgroup support" 2021-08-11 13:47:26 -06:00
keyslot-manager.c - Fix DM integrity's HMAC support to provide enhanced security of 2021-02-22 10:22:54 -08:00
kyber-iosched.c kyber: make trace_block_rq call consistent with documentation 2021-08-06 16:40:47 -06:00
Makefile for-5.15/block-2021-08-30 2021-08-30 18:52:11 -07:00
mq-deadline.c block/mq-deadline: Move dd_queued() to fix defined but not used warning 2021-09-02 06:34:45 -06:00
opal_proto.h
scsi_ioctl.c block-5.14-2021-07-08 2021-07-09 12:05:33 -07:00
sed-opal.c
t10-pi.c block: use bvec_kmap_local in t10_pi_type1_{prepare,complete} 2021-08-02 13:37:28 -06:00