qiurui
/
Ubuntu-focal-kernel
mirror of https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Ubuntu-focal-kernel/block
History
Ye Bin e038aa6df8 blk-mq: fix possible memleak when register 'hctx' failed 
BugLink: https://bugs.launchpad.net/bugs/2003914

[ Upstream commit 4b7a21c57b14fbcd0e1729150189e5933f5088e9 ]

There's issue as follows when do fault injection test:
unreferenced object 0xffff888132a9f400 (size 512):
  comm "insmod", pid 308021, jiffies 4324277909 (age 509.733s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 08 f4 a9 32 81 88 ff ff  ...........2....
    08 f4 a9 32 81 88 ff ff 00 00 00 00 00 00 00 00  ...2............
  backtrace:
    [<00000000e8952bb4>] kmalloc_node_trace+0x22/0xa0
    [<00000000f9980e0f>] blk_mq_alloc_and_init_hctx+0x3f1/0x7e0
    [<000000002e719efa>] blk_mq_realloc_hw_ctxs+0x1e6/0x230
    [<000000004f1fda40>] blk_mq_init_allocated_queue+0x27e/0x910
    [<00000000287123ec>] __blk_mq_alloc_disk+0x67/0xf0
    [<00000000a2a34657>] 0xffffffffa2ad310f
    [<00000000b173f718>] 0xffffffffa2af824a
    [<0000000095a1dabb>] do_one_initcall+0x87/0x2a0
    [<00000000f32fdf93>] do_init_module+0xdf/0x320
    [<00000000cbe8541e>] load_module+0x3006/0x3390
    [<0000000069ed1bdb>] __do_sys_finit_module+0x113/0x1b0
    [<00000000a1a29ae8>] do_syscall_64+0x35/0x80
    [<000000009cd878b0>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

Fault injection context as follows:
 kobject_add
 blk_mq_register_hctx
 blk_mq_sysfs_register
 blk_register_queue
 device_add_disk
 null_add_dev.part.0 [null_blk]

As 'blk_mq_register_hctx' may already add some objects when failed halfway,
but there isn't do fallback, caller don't know which objects add failed.
To solve above issue just do fallback when add objects failed halfway in
'blk_mq_register_hctx'.

Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20221117022940.873959-1-yebin@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
 		2023-02-01 15:23:14 +01:00
..
partitions
Kconfig
Kconfig.iosched
Makefile
badblocks.c
bfq-cgroup.c block, bfq: fix null pointer dereference in bfq_bio_bfqg() 2023-02-01 15:21:20 +01:00
bfq-iosched.c block, bfq: protect 'bfqd->queued' by 'bfqd->lock' 2023-01-06 08:44:43 -08:00
bfq-iosched.h bfq: Get rid of __bio_blkcg() usage 2022-08-26 11:08:44 +02:00
bfq-wf2q.c bfq: fix blkio cgroup leakage v4 2020-09-16 05:15:01 -04:00
bio-integrity.c block: bio-integrity: Advance seed correctly for larger interval sizes 2022-03-29 09:13:59 +02:00
bio.c block: fix bio_clone_blkg_association() to associate with proper blkcg_gq 2022-08-26 11:08:45 +02:00
blk-cgroup.c blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd 2021-11-05 09:12:45 +01:00
blk-core.c Revert "Revert "block: end bio with BLK_STS_AGAIN in case of non-mq devs and REQ_NOWAIT"" 2021-03-24 11:11:30 +01:00
blk-exec.c
blk-flush.c block: Fix fsync always failed if once failed 2022-05-20 15:17:26 +02:00
blk-integrity.c
blk-ioc.c block: Fix use-after-free issue accessing struct io_cq 2020-05-05 12:32:22 +02:00
blk-iocost.c blk-iocost: ioc_pd_free() shouldn't assume irq disabled 2020-09-17 00:47:07 -06:00
blk-iolatency.c blk-iolatency: Fix inflight count imbalances and IO hangs on offline 2022-08-26 11:08:42 +02:00
blk-lib.c
blk-map.c
blk-merge.c block: return ELEVATOR_DISCARD_MERGE if possible 2022-08-26 11:06:51 +02:00
blk-mq-cpumap.c
blk-mq-debugfs-zoned.c
blk-mq-debugfs.c blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created 2022-10-17 15:00:32 +02:00
blk-mq-debugfs.h
blk-mq-pci.c
blk-mq-rdma.c
blk-mq-sched.c kyber: fix out of bounds access when preempted 2021-06-18 15:02:18 +02:00
blk-mq-sched.h block: only call sched requeue_request() for scheduled requests 2020-11-09 14:46:54 +01:00
blk-mq-sysfs.c blk-mq: fix possible memleak when register 'hctx' failed 2023-02-01 15:23:14 +01:00
blk-mq-tag.c
blk-mq-tag.h
blk-mq-virtio.c
blk-mq.c blk-mq: move failure injection out of blk_mq_complete_request 2022-08-10 10:09:23 +02:00
blk-mq.h blk-mq: insert passthrough request into hctx->dispatch directly 2020-03-23 11:24:26 +01:00
blk-pm.c scsi: block: Fix a race in the runtime power management code 2021-02-19 16:43:20 +01:00
blk-pm.h
blk-rq-qos.c rq-qos: fix missed wake-ups in rq_qos_throttle try two 2021-08-13 09:46:59 +02:00
blk-rq-qos.h block: fix race between adding/removing rq qos and normal IO 2021-08-13 09:45:17 +02:00
blk-settings.c blk-settings: align max_sectors on "logical_block_size" boundary 2021-04-14 18:31:36 +02:00
blk-softirq.c
blk-stat.c
blk-stat.h
blk-sysfs.c block: don't delete queue kobject before its children 2022-05-20 15:18:34 +02:00
blk-throttle.c blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() 2021-10-27 17:04:23 -06:00
blk-timeout.c blk-mq: move failure injection out of blk_mq_complete_request 2022-08-10 10:09:23 +02:00
blk-wbt.c blk-wbt: make sure throttle is enabled properly 2021-08-13 09:45:34 +02:00
blk-wbt.h blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() 2021-08-13 09:45:34 +02:00
blk-zoned.c blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN 2021-10-12 16:31:20 -06:00
blk.h blk-mq: move failure injection out of blk_mq_complete_request 2022-08-10 10:09:23 +02:00
bounce.c
bsg-lib.c blk-mq: move failure injection out of blk_mq_complete_request 2022-08-10 10:09:23 +02:00
bsg.c scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND 2021-10-12 16:31:24 -06:00
cmdline-parser.c
compat_ioctl.c block/compat_ioctl: fix range check in BLKGETSIZE 2022-06-22 14:50:57 +02:00
elevator.c block: return ELEVATOR_DISCARD_MERGE if possible 2022-08-26 11:06:51 +02:00
genhd.c block: Suppress uevent for hidden device when removed 2021-04-23 11:56:05 +02:00
ioctl.c
ioprio.c block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) 2022-02-03 18:57:58 +01:00
kyber-iosched.c kyber: fix out of bounds access when preempted 2021-06-18 15:02:18 +02:00
mq-deadline.c block: return ELEVATOR_DISCARD_MERGE if possible 2022-08-26 11:06:51 +02:00
opal_proto.h
partition-generic.c block: unhash blkdev part inode when the part is deleted 2023-02-01 15:22:02 +01:00
scsi_ioctl.c
sed-opal.c block: sed-opal: kmalloc the cmd/resp buffers 2023-02-01 15:21:07 +01:00
t10-pi.c