linux-stable/drivers
Jiazi Li d208b89401 dm: fix mempool NULL pointer race when completing IO
dm_io_dec_pending() calls end_io_acct() first and will then dec the md
in-flight pending count. But if a task is swapping the DM table at the
same time, this can result in a crash due to mempool->elements being NULL:

task1                             task2
do_resume
 ->do_suspend
  ->dm_wait_for_completion
                                  bio_endio
                                   ->clone_endio
                                    ->dm_io_dec_pending
                                     ->end_io_acct
                                      ->wakeup task1
 ->dm_swap_table
  ->__bind
   ->__bind_mempools
    ->bioset_exit
     ->mempool_exit
                                     ->free_io

[ 67.330330] Unable to handle kernel NULL pointer dereference at
virtual address 0000000000000000
......
[ 67.330494] pstate: 80400085 (Nzcv daIf +PAN -UAO)
[ 67.330510] pc : mempool_free+0x70/0xa0
[ 67.330515] lr : mempool_free+0x4c/0xa0
[ 67.330520] sp : ffffff8008013b20
[ 67.330524] x29: ffffff8008013b20 x28: 0000000000000004
[ 67.330530] x27: ffffffa8c2ff40a0 x26: 00000000ffff1cc8
[ 67.330535] x25: 0000000000000000 x24: ffffffdada34c800
[ 67.330541] x23: 0000000000000000 x22: ffffffdada34c800
[ 67.330547] x21: 00000000ffff1cc8 x20: ffffffd9a1304d80
[ 67.330552] x19: ffffffdada34c970 x18: 000000b312625d9c
[ 67.330558] x17: 00000000002dcfbf x16: 00000000000006dd
[ 67.330563] x15: 000000000093b41e x14: 0000000000000010
[ 67.330569] x13: 0000000000007f7a x12: 0000000034155555
[ 67.330574] x11: 0000000000000001 x10: 0000000000000001
[ 67.330579] x9 : 0000000000000000 x8 : 0000000000000000
[ 67.330585] x7 : 0000000000000000 x6 : ffffff80148b5c1a
[ 67.330590] x5 : ffffff8008013ae0 x4 : 0000000000000001
[ 67.330596] x3 : ffffff80080139c8 x2 : ffffff801083bab8
[ 67.330601] x1 : 0000000000000000 x0 : ffffffdada34c970
[ 67.330609] Call trace:
[ 67.330616] mempool_free+0x70/0xa0
[ 67.330627] bio_put+0xf8/0x110
[ 67.330638] dec_pending+0x13c/0x230
[ 67.330644] clone_endio+0x90/0x180
[ 67.330649] bio_endio+0x198/0x1b8
[ 67.330655] dec_pending+0x190/0x230
[ 67.330660] clone_endio+0x90/0x180
[ 67.330665] bio_endio+0x198/0x1b8
[ 67.330673] blk_update_request+0x214/0x428
[ 67.330683] scsi_end_request+0x2c/0x300
[ 67.330688] scsi_io_completion+0xa0/0x710
[ 67.330695] scsi_finish_command+0xd8/0x110
[ 67.330700] scsi_softirq_done+0x114/0x148
[ 67.330708] blk_done_softirq+0x74/0xd0
[ 67.330716] __do_softirq+0x18c/0x374
[ 67.330724] irq_exit+0xb4/0xb8
[ 67.330732] __handle_domain_irq+0x84/0xc0
[ 67.330737] gic_handle_irq+0x148/0x1b0
[ 67.330744] el1_irq+0xe8/0x190
[ 67.330753] lpm_cpuidle_enter+0x4f8/0x538
[ 67.330759] cpuidle_enter_state+0x1fc/0x398
[ 67.330764] cpuidle_enter+0x18/0x20
[ 67.330772] do_idle+0x1b4/0x290
[ 67.330778] cpu_startup_entry+0x20/0x28
[ 67.330786] secondary_start_kernel+0x160/0x170

Fix this by:
1) Establishing pointers to 'struct dm_io' members in
dm_io_dec_pending() so that they may be passed into end_io_acct()
_after_ free_io() is called.
2) Moving end_io_acct() after free_io().

Cc: stable@vger.kernel.org
Signed-off-by: Jiazi Li <lijiazi@xiaomi.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2021-10-12 13:54:10 -04:00
..
accessibility
acpi ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect 2021-09-27 11:40:43 -07:00
amba
android binder: make sure fd closes complete 2021-09-14 09:02:13 +02:00
ata libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD. 2021-09-03 08:06:02 -06:00
atm
auxdisplay
base Driver core fixes for 5.15-rc4 2021-10-03 11:10:09 -07:00
bcma Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
block nbd: use shifts rather than multiplies 2021-09-29 20:31:41 -06:00
bluetooth Bluetooth: btusb: Remove WAKEUP_DISABLE and add WAKEUP_AUTOSUSPEND for Realtek devices 2021-08-19 17:08:31 +02:00
bus bus: ti-sysc: Use CLKDM_NOAUTO for dra7 dcan1 for errata i893 2021-10-06 08:01:13 +03:00
cdrom
char IPMI: A couple of very minor fixes for style and rate limiting 2021-09-12 11:44:58 -07:00
clk One patch to fix an unused variable warning in a Qualcomm clk driver. 2021-09-11 10:05:56 -07:00
clocksource - converted Pistachio platform to use MIPS generic kernel 2021-09-03 11:11:54 -07:00
comedi comedi: Fix memory leak in compat_insnlist() 2021-09-21 17:53:54 +02:00
connector
counter
cpufreq Power management fixes for 5.15-rc2 2021-09-17 12:05:04 -07:00
cpuidle - Core Frameworks 2021-09-07 12:38:59 -07:00
crypto crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() 2021-09-24 15:58:41 +08:00
cxl cxl for v5.15 2021-09-09 11:48:27 -07:00
dax libnvdimm for v5.15 2021-09-09 11:39:57 -07:00
dca
devfreq devfreq: use HZ macros 2021-09-08 11:50:26 -07:00
dio
dma dmaengine updates for v5.15-rc1 2021-09-09 11:07:47 -07:00
dma-buf dma-buf: DMABUF_SYSFS_STATS should depend on DMA_SHARED_BUFFER 2021-09-07 12:42:21 +05:30
edac EDAC/dmc520: Assign the proper type to dimm->edac_mode 2021-09-16 11:00:12 +02:00
eisa
extcon
firewire FireWire (IEEE 1394) subsystem updates: 2021-09-11 09:47:33 -07:00
firmware asm-generic: build fixes for v5.15 2021-10-08 11:57:54 -07:00
fpga fpga: dfl: Avoid reads to AFU CSRs during enumeration 2021-09-16 15:20:55 -07:00
fsi
gnss
gpio gpio fixes for v5.15-rc4 2021-09-30 12:11:35 -07:00
gpu asm-generic: build fixes for v5.15 2021-10-08 11:57:54 -07:00
greybus
hid HID: amd_sfh: Fix potential NULL pointer dereference 2021-09-27 10:00:43 +02:00
hsi
hv hyperv-fixes for 5.15-rc2 2021-09-15 17:18:56 -07:00
hwmon hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field 2021-10-02 05:14:11 -07:00
hwspinlock
hwtracing coresight: syscfg: Fix compiler warning 2021-09-14 09:03:16 +02:00
i2c i2c: mlxcpld: Modify register setting for 400KHz frequency 2021-10-04 21:56:20 +02:00
i3c
idle
iio Merge branch 'akpm' (patches from Andrew) 2021-09-08 12:55:35 -07:00
infiniband RDMA/hns: Add the check of the CQE size of the user space 2021-09-27 14:49:49 -03:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2021-09-11 09:08:28 -07:00
interconnect interconnect: qcom: sdm660: Add missing a2noc qos clocks 2021-09-13 15:49:55 +03:00
iommu asm-generic: build fixes for v5.15 2021-10-08 11:57:54 -07:00
ipack ipack: ipoctal: fix module reference leak 2021-09-27 17:38:49 +02:00
irqchip irqchip/gic: Work around broken Renesas integration 2021-09-22 14:44:25 +01:00
isdn Kbuild updates for v5.15 2021-09-03 15:33:47 -07:00
leds leds: pca955x: Switch to i2c probe_new 2021-08-20 11:00:08 +02:00
macintosh memblock: introduce saner 'memblock_free_ptr()' interface 2021-09-14 13:23:22 -07:00
mailbox mailbox: cmdq: add multi-gce clocks support for mt8195 2021-08-31 22:57:45 -05:00
mcb mcb: fix error handling in mcb_alloc_bus() 2021-09-14 11:22:26 +02:00
md dm: fix mempool NULL pointer race when completing IO 2021-10-12 13:54:10 -04:00
media asm-generic: build fixes for v5.15 2021-10-08 11:57:54 -07:00
memory
memstick Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
message
mfd - Core Frameworks 2021-09-07 12:38:59 -07:00
misc misc: bcm-vk: fix tty registration race 2021-09-21 16:17:15 +02:00
mmc asm-generic: build fixes for v5.15 2021-10-08 11:57:54 -07:00
most
mtd Merge branch 'akpm' (patches from Andrew) 2021-09-08 12:55:35 -07:00
mux
net asm-generic: build fixes for v5.15 2021-10-08 11:57:54 -07:00
nfc nfc: st-nci: Add SPI ID matching DT compatible 2021-09-23 12:53:06 +01:00
ntb Bug fixes and clean-ups for Linux v5.15 2021-09-07 13:05:02 -07:00
nubus
nvdimm nvdimm/pmem: fix creating the dax group 2021-09-27 11:40:43 -07:00
nvme nvme: add command id quirk for apple controllers 2021-09-27 10:02:07 -06:00
nvmem nvmem: NVMEM_NINTENDO_OTP should depend on WII 2021-09-21 17:38:37 +02:00
of fbdev: simplefb: fix Kconfig dependencies 2021-10-06 11:12:28 +02:00
opp Merge branches 'pm-pci', 'pm-sleep', 'pm-domains' and 'powercap' 2021-08-30 19:25:42 +02:00
parisc parisc: Move pci_dev_is_behind_card_dino to where it is used 2021-09-09 12:44:31 +02:00
parport parisc architecture updates for kernel 5.15: 2021-09-02 13:16:00 -07:00
pci s390 update for v5.15-rc5 2021-10-08 16:46:09 -07:00
pcmcia
perf KVM: arm64: Fix PMU probe ordering 2021-09-20 12:43:34 +01:00
phy Merge branch 'akpm' (patches from Andrew) 2021-09-08 12:55:35 -07:00
pinctrl asm-generic: build fixes for v5.15 2021-10-08 11:57:54 -07:00
platform platform/x86: gigabyte-wmi: add support for B550I Aorus Pro AX 2021-09-21 15:49:23 +02:00
pnp
power power supply and reset changes for the v5.15 series 2021-08-30 11:47:32 -07:00
powercap powercap: Add Power Limit4 support for Alder Lake SoC 2021-08-25 20:12:16 +02:00
pps
ps3
ptp Networking fixes for 5.15-rc5, including fixes from xfrm, bpf, 2021-10-07 09:50:31 -07:00
pwm pwm: mtk-disp: Implement atomic API .get_state() 2021-09-02 22:27:46 +02:00
rapidio
ras
regulator regulator: max14577: Revert "regulator: max14577: Add proper module aliases strings" 2021-09-17 13:16:38 +01:00
remoteproc
reset ARM: SoC drivers for 5.15 2021-09-01 15:25:28 -07:00
rpmsg
rtc rtc: cmos: Disable irq around direct invocation of cmos_interrupt() 2021-09-14 10:20:19 +02:00
s390 s390 updates for 5.15-rc4 2021-10-01 14:45:23 -07:00
sbus
scsi scsi: iscsi: Fix iscsi_task use after free 2021-10-04 23:40:11 -04:00
sh
siox
slimbus Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
soc Fixes for omaps for v5.15 2021-10-07 21:13:57 +02:00
soundwire sound updates for 5.15-rc1 2021-09-01 10:29:29 -07:00
spi spi: Fix modalias issues 2021-09-22 11:58:24 -07:00
spmi
ssb
staging media fixes for v5.15-rc5 2021-10-04 09:53:40 -07:00
target scsi: target: Fix spelling mistake "CONFLIFT" -> "CONFLICT" 2021-09-22 00:17:29 -04:00
tc
tee tee/optee/shm_pool: fix application of sizeof to pointer 2021-09-14 07:54:56 +02:00
thermal thermal/drivers/tsens: Fix wrong check for tzd in irq handlers 2021-09-21 15:17:11 +02:00
thunderbolt thunderbolt: test: split up test cases in tb_test_credit_alloc_all 2021-09-06 12:27:03 -07:00
tty xen: branch for v5.15-rc5 2021-10-08 12:55:23 -07:00
uio
usb USB fixes for 5.15-rc5 2021-10-08 10:16:01 -07:00
vdpa vdpa/mlx5: Avoid executing set_vq_ready() if device is reset 2021-09-14 18:10:43 -04:00
vfio vfio/pci: add missing identifier name in argument of function prototype 2021-09-23 14:12:36 -06:00
vhost virtio,vdpa: fixes 2021-09-28 07:27:29 -07:00
video video: fbdev: gbefb: Only instantiate device when built for IP32 2021-10-06 11:12:28 +02:00
virt
virtio virtio: don't fail on !of_device_is_compatible 2021-09-14 18:09:57 -04:00
visorbus
vlynq
vme
w1
watchdog watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST 2021-09-27 11:57:19 -07:00
xen xen: branch for v5.15-rc5 2021-10-08 12:55:23 -07:00
zorro
Kconfig firmware: include drivers/firmware/Kconfig unconditionally 2021-10-07 16:51:26 +02:00
Makefile