linux-stable/drivers/block
Yuan Can f36d8c8651 floppy: Fix memory leak in do_floppy_init()
commit f8ace2e304 upstream.

A memory leak was reported when floppy_alloc_disk() failed in
do_floppy_init().

unreferenced object 0xffff888115ed25a0 (size 8):
  comm "modprobe", pid 727, jiffies 4295051278 (age 25.529s)
  hex dump (first 8 bytes):
    00 ac 67 5b 81 88 ff ff                          ..g[....
  backtrace:
    [<000000007f457abb>] __kmalloc_node+0x4c/0xc0
    [<00000000a87bfa9e>] blk_mq_realloc_tag_set_tags.part.0+0x6f/0x180
    [<000000006f02e8b1>] blk_mq_alloc_tag_set+0x573/0x1130
    [<0000000066007fd7>] 0xffffffffc06b8b08
    [<0000000081f5ac40>] do_one_initcall+0xd0/0x4f0
    [<00000000e26d04ee>] do_init_module+0x1a4/0x680
    [<000000001bb22407>] load_module+0x6249/0x7110
    [<00000000ad31ac4d>] __do_sys_finit_module+0x140/0x200
    [<000000007bddca46>] do_syscall_64+0x35/0x80
    [<00000000b5afec39>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
unreferenced object 0xffff88810fc30540 (size 32):
  comm "modprobe", pid 727, jiffies 4295051278 (age 25.529s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000007f457abb>] __kmalloc_node+0x4c/0xc0
    [<000000006b91eab4>] blk_mq_alloc_tag_set+0x393/0x1130
    [<0000000066007fd7>] 0xffffffffc06b8b08
    [<0000000081f5ac40>] do_one_initcall+0xd0/0x4f0
    [<00000000e26d04ee>] do_init_module+0x1a4/0x680
    [<000000001bb22407>] load_module+0x6249/0x7110
    [<00000000ad31ac4d>] __do_sys_finit_module+0x140/0x200
    [<000000007bddca46>] do_syscall_64+0x35/0x80
    [<00000000b5afec39>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

If floppy_alloc_disk() fails, the disks of the current drive will not be set,
thus the latest allocated set->tag cannot be freed in the error handling
path. A simple call graph is shown below:

 floppy_module_init()
   floppy_init()
     do_floppy_init()
       for (drive = 0; drive < N_DRIVE; drive++)
         blk_mq_alloc_tag_set()
           blk_mq_alloc_tag_set_tags()
             blk_mq_realloc_tag_set_tags() # set->tag allocated
         floppy_alloc_disk()
           blk_mq_alloc_disk() # error occurred, disks failed to allocate

       ->out_put_disk:
       for (drive = 0; drive < N_DRIVE; drive++)
         if (!disks[drive][0]) # the last disks is not set and loop break
           break;
         blk_mq_free_tag_set() # the latest allocated set->tag leaked

Fix this problem by freeing the set->tag of the current drive before jumping
to the error handling path.

Cc: stable@vger.kernel.org
Fixes: 302cfee150 ("floppy: use a separate gendisk for each media format")
Signed-off-by: Yuan Can <yuancan@huawei.com>
[efremov: added stable list, changed title]
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-12-31 13:14:47 +01:00
..
aoe for-5.14/drivers-2021-06-29 2021-06-30 12:21:16 -07:00
drbd drbd: destroy workqueue when drbd device was freed 2022-12-31 13:14:12 +01:00
mtip32xx block: fix surprise removal for drivers calling blk_set_queue_dying 2022-02-23 12:03:15 +01:00
null_blk null_blk: fix ida error handling in null_add_dev() 2022-08-17 14:24:00 +02:00
paride SCSI misc on 20210902 2021-09-02 15:09:46 -07:00
rnbd block/rnbd-srv: Set keep_id to true after mutex_trylock 2022-08-17 14:24:00 +02:00
rsxx for-5.14/drivers-2021-06-29 2021-06-30 12:21:16 -07:00
xen-blkback xen-blkback: Advertise feature-persistent as user requested 2022-09-08 12:28:05 +02:00
zram zram: do not lookup algorithm in backends table 2022-08-25 11:40:34 +02:00
amiflop.c block: drop unused includes in <linux/genhd.h> 2022-03-16 14:23:46 +01:00
ataflop.c block: drop unused includes in <linux/genhd.h> 2022-03-16 14:23:46 +01:00
brd.c brd: reduce the brd_devices_mutex scope 2021-10-17 06:51:19 -06:00
cryptoloop.c cryptoloop: add a deprecation warning 2021-08-27 10:44:54 -06:00
floppy.c floppy: Fix memory leak in do_floppy_init() 2022-12-31 13:14:47 +01:00
Kconfig virtio-blk: avoid preallocating big SGL for data 2022-07-12 16:34:56 +02:00
loop.c loop: Fix the max_loop commandline argument treatment when it is set to 0 2022-12-31 13:14:46 +01:00
loop.h loop: reduce the loop_ctl_mutex scope 2021-09-03 22:14:40 -06:00
Makefile
n64cart.c n64cart: convert bi_disk to bi_bdev->bd_disk fix build 2022-04-08 14:24:16 +02:00
nbd.c nbd: Fix hung when signal interrupts nbd_start_device_ioctl() 2022-10-26 12:35:47 +02:00
pktcdvd.c block: move the bdi from the request_queue to the gendisk 2021-08-09 11:53:23 -06:00
ps3disk.c ps3disk: use memcpy_{from,to}_bvec 2021-08-02 13:37:27 -06:00
ps3vram.c ps3vram: use bvec_virt 2021-08-16 10:50:33 -06:00
rbd.c block: fix surprise removal for drivers calling blk_set_queue_dying 2022-02-23 12:03:15 +01:00
rbd_types.h
sunvdc.c Char / Misc driver updates for 5.14-rc1 2021-07-05 13:42:16 -07:00
swim.c block: drop unused includes in <linux/genhd.h> 2022-03-16 14:23:46 +01:00
swim3.c swim3: use blk_mq_alloc_disk 2021-06-11 11:53:02 -06:00
swim_asm.S
sx8.c sx8: use the internal state machine to check if del_gendisk needs to be called 2021-08-12 10:29:36 -06:00
virtio_blk.c virtio-blk: modify the value type of num in virtio_queue_rq() 2022-07-12 16:35:11 +02:00
xen-blkfront.c xen-blkfront: Cache feature_persistent value before advertisement 2022-09-08 12:28:05 +02:00
z2ram.c for-5.14/drivers-2021-06-29 2021-06-30 12:21:16 -07:00