kybaaz/linux-xiaomi-chiron
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
linux-xiaomi-chiron/drivers/block
History
Bart Van Assche 2004bfdef9 null_blk: Fix the null_add_dev() error path 
If null_add_dev() fails, clear dev->nullb.

This patch fixes the following KASAN complaint:

BUG: KASAN: use-after-free in nullb_device_submit_queues_store+0xcf/0x160 [null_blk]
Read of size 8 at addr ffff88803280fc30 by task check/8409

Call Trace:
 dump_stack+0xa5/0xe6
 print_address_description.constprop.0+0x26/0x260
 __kasan_report.cold+0x7b/0x99
 kasan_report+0x16/0x20
 __asan_load8+0x58/0x90
 nullb_device_submit_queues_store+0xcf/0x160 [null_blk]
 configfs_write_file+0x1c4/0x250 [configfs]
 __vfs_write+0x4c/0x90
 vfs_write+0x145/0x2c0
 ksys_write+0xd7/0x180
 __x64_sys_write+0x47/0x50
 do_syscall_64+0x6f/0x2f0
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7ff370926317
Code: 64 89 02 48 c7 c0 ff ff ff ff eb bb 0f 1f 80 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
RSP: 002b:00007fff2dd2da48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007ff370926317
RDX: 0000000000000002 RSI: 0000559437ef23f0 RDI: 0000000000000001
RBP: 0000559437ef23f0 R08: 000000000000000a R09: 0000000000000001
R10: 0000559436703471 R11: 0000000000000246 R12: 0000000000000002
R13: 00007ff370a006a0 R14: 00007ff370a014a0 R15: 00007ff370a008a0

Allocated by task 8409:
 save_stack+0x23/0x90
 __kasan_kmalloc.constprop.0+0xcf/0xe0
 kasan_kmalloc+0xd/0x10
 kmem_cache_alloc_node_trace+0x129/0x4c0
 null_add_dev+0x24a/0xe90 [null_blk]
 nullb_device_power_store+0x1b6/0x270 [null_blk]
 configfs_write_file+0x1c4/0x250 [configfs]
 __vfs_write+0x4c/0x90
 vfs_write+0x145/0x2c0
 ksys_write+0xd7/0x180
 __x64_sys_write+0x47/0x50
 do_syscall_64+0x6f/0x2f0
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 8409:
 save_stack+0x23/0x90
 __kasan_slab_free+0x112/0x160
 kasan_slab_free+0x12/0x20
 kfree+0xdf/0x250
 null_add_dev+0xaf3/0xe90 [null_blk]
 nullb_device_power_store+0x1b6/0x270 [null_blk]
 configfs_write_file+0x1c4/0x250 [configfs]
 __vfs_write+0x4c/0x90
 vfs_write+0x145/0x2c0
 ksys_write+0xd7/0x180
 __x64_sys_write+0x47/0x50
 do_syscall_64+0x6f/0x2f0
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Fixes: 2984c8684f ("nullb: factor disk parameters")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Reviewed-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
Cc: Johannes Thumshirn <jth@kernel.org>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Ming Lei <ming.lei@redhat.com>
Cc: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2020-03-10 07:09:59 -06:00
..
aoe compat_ioctl: ubd, aoe: use blkdev_compat_ptr_ioctl 2020-01-03 09:33:02 +01:00
drbd drbd: fifo_alloc() should use struct_size 2020-01-29 21:03:33 -07:00
mtip32xx block: mtip32xx: Spelling s/configration/configuration/ 2019-10-25 14:31:07 -06:00
paride scsi: compat_ioctl: cdrom: Replace .ioctl with .compat_ioctl in four appropriate places 2020-02-24 15:06:07 -05:00
rsxx rsxx: add missed destroy_workqueue calls in remove 2019-11-14 13:59:49 -07:00
xen-blkback xen/blkback: Consistently insert one empty line between functions 2020-01-29 07:35:49 -06:00
zram drivers/block/zram/zram_drv.c: fix error return codes not being returned in writeback_store 2020-01-31 10:30:39 -08:00
amiflop.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
ataflop.c ataflop: Remove unneeded semicolon 2019-11-28 10:40:47 -07:00
brd.c brd: check and limit max_part par 2020-02-04 07:19:33 -07:00
cryptoloop.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 30 2019-05-24 17:27:10 +02:00
floppy.c floppy: check FDC index for errors before assigning it 2020-02-24 11:25:33 -08:00
Kconfig virtio-blk: remove VIRTIO_BLK_F_SCSI support 2020-02-06 03:40:26 -05:00
loop.c block: remove (__)blkdev_reread_part as an exported API 2019-11-14 07:43:59 -07:00
loop.h block/loop: Use global lock for ioctl() operation. 2018-11-08 06:30:11 -07:00
Makefile drivers/block: Remove DAC960 driver 2018-10-17 09:42:30 -06:00
nbd.c nbd: add a flush_workqueue in nbd_start_device 2020-01-29 21:05:53 -07:00
null_blk.h null_blk: remove unused fields in 'nullb_cmd' 2020-02-25 09:43:29 -07:00
null_blk_main.c null_blk: Fix the null_add_dev() error path 2020-03-10 07:09:59 -06:00
null_blk_zoned.c null_blk: Fix zone write handling 2020-01-15 08:18:39 -07:00
pktcdvd.c compat_ioctl: cdrom: handle CDROM_LAST_WRITTEN 2020-01-03 09:33:11 +01:00
ps3disk.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 164 2019-05-30 11:26:38 -07:00
ps3vram.c block/ps3vram: Use %llu to format sector_t after LBDAF removal 2019-06-13 03:17:50 -06:00
rbd.c Merge branch 'merge.nfs-fs_parse.1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-02-08 13:26:41 -08:00
rbd_types.h rbd: support for object-map and fast-diff 2019-07-08 14:01:45 +02:00
skd_main.c Linux 5.2-rc6 2019-07-01 08:16:08 -06:00
skd_s1120.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 497 2019-06-19 17:09:53 +02:00
sunvdc.c compat_ioctl: block: handle cdrom compat ioctl in non-cdrom drivers 2020-01-03 09:33:15 +01:00
swim.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
swim3.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
swim_asm.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sx8.c sx8: use a per-host tag_set 2018-11-09 08:14:14 -07:00
umem.c remove ioremap_nocache and devm_ioremap_nocache 2020-01-06 09:45:59 +01:00
umem.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 348 2019-06-05 17:37:08 +02:00
virtio_blk.c virtio-blk: remove VIRTIO_BLK_F_SCSI support 2020-02-06 03:40:26 -05:00
xen-blkfront.c xen/blkfront: fix ring info addressing 2020-03-05 09:55:01 -06:00
xsysace.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
z2ram.c powerpc updates for 4.20 2018-10-26 14:36:21 -07:00