NothingOSS/android_kernel_msm-6.1_nothing_sm7635
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_msm-6.1_noth.../drivers
History
Bart Van Assche 2004bfdef9 null_blk: Fix the null_add_dev() error path 
If null_add_dev() fails, clear dev->nullb.

This patch fixes the following KASAN complaint:

BUG: KASAN: use-after-free in nullb_device_submit_queues_store+0xcf/0x160 [null_blk]
Read of size 8 at addr ffff88803280fc30 by task check/8409

Call Trace:
 dump_stack+0xa5/0xe6
 print_address_description.constprop.0+0x26/0x260
 __kasan_report.cold+0x7b/0x99
 kasan_report+0x16/0x20
 __asan_load8+0x58/0x90
 nullb_device_submit_queues_store+0xcf/0x160 [null_blk]
 configfs_write_file+0x1c4/0x250 [configfs]
 __vfs_write+0x4c/0x90
 vfs_write+0x145/0x2c0
 ksys_write+0xd7/0x180
 __x64_sys_write+0x47/0x50
 do_syscall_64+0x6f/0x2f0
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7ff370926317
Code: 64 89 02 48 c7 c0 ff ff ff ff eb bb 0f 1f 80 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
RSP: 002b:00007fff2dd2da48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007ff370926317
RDX: 0000000000000002 RSI: 0000559437ef23f0 RDI: 0000000000000001
RBP: 0000559437ef23f0 R08: 000000000000000a R09: 0000000000000001
R10: 0000559436703471 R11: 0000000000000246 R12: 0000000000000002
R13: 00007ff370a006a0 R14: 00007ff370a014a0 R15: 00007ff370a008a0

Allocated by task 8409:
 save_stack+0x23/0x90
 __kasan_kmalloc.constprop.0+0xcf/0xe0
 kasan_kmalloc+0xd/0x10
 kmem_cache_alloc_node_trace+0x129/0x4c0
 null_add_dev+0x24a/0xe90 [null_blk]
 nullb_device_power_store+0x1b6/0x270 [null_blk]
 configfs_write_file+0x1c4/0x250 [configfs]
 __vfs_write+0x4c/0x90
 vfs_write+0x145/0x2c0
 ksys_write+0xd7/0x180
 __x64_sys_write+0x47/0x50
 do_syscall_64+0x6f/0x2f0
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 8409:
 save_stack+0x23/0x90
 __kasan_slab_free+0x112/0x160
 kasan_slab_free+0x12/0x20
 kfree+0xdf/0x250
 null_add_dev+0xaf3/0xe90 [null_blk]
 nullb_device_power_store+0x1b6/0x270 [null_blk]
 configfs_write_file+0x1c4/0x250 [configfs]
 __vfs_write+0x4c/0x90
 vfs_write+0x145/0x2c0
 ksys_write+0xd7/0x180
 __x64_sys_write+0x47/0x50
 do_syscall_64+0x6f/0x2f0
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Fixes: 2984c8684f ("nullb: factor disk parameters")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Reviewed-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
Cc: Johannes Thumshirn <jth@kernel.org>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Ming Lei <ming.lei@redhat.com>
Cc: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2020-03-10 07:09:59 -06:00
..
accessibility
acpi ACPI fixes for 5.6-rc4 2020-02-28 09:02:18 -08:00
amba
android binder: prevent UAF for binderfs devices II 2020-03-03 19:58:37 +01:00
ata libata-5.6-2020-02-05 2020-02-06 06:11:50 +00:00
atm
auxdisplay
base Driver core / debugfs fixes for 5.6-rc5 2020-03-08 10:39:40 -05:00
bcma
block null_blk: Fix the null_add_dev() error path 2020-03-10 07:09:59 -06:00
bluetooth
bus Few fixes for omaps for v5.6-rc cycle 2020-02-29 11:47:44 -08:00
cdrom scsi: compat_ioctl: cdrom: Replace .ioctl with .compat_ioctl in four appropriate places 2020-02-24 15:06:07 -05:00
char tpm: Initialize crypto_id of allocated_banks to HASH_ALGO__LAST 2020-02-17 20:47:06 +02:00
clk ARM: SoC: late updates 2020-02-08 14:17:27 -08:00
clocksource ARM: SoC: late updates 2020-02-08 14:17:27 -08:00
connector
counter
cpufreq cpufreq: Fix policy initialization for internal governor drivers 2020-02-27 08:57:48 +01:00
cpuidle ARM: SoC-related driver updates 2020-02-08 14:04:19 -08:00
crypto
dax
dca
devfreq Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs" 2020-02-24 11:14:29 +09:00
dio
dma dmaengine: imx-sdma: Fix the event id check to include RX event for UART6 2020-02-25 14:15:26 +05:30
dma-buf dma-buf: free dmabuf->name in dma_buf_release() 2020-02-27 18:01:58 +05:30
edac EDAC/synopsys: Do not print an error with back-to-back snprintf() calls 2020-02-27 16:44:25 +01:00
eisa
extcon
firewire
firmware ARM: SoC fixes 2020-03-08 17:36:22 -07:00
fpga
fsi fsi: aspeed: add unspecified HAS_IOMEM dependency 2020-02-10 13:45:49 -08:00
gnss
gpio gpio: sifive: fix static checker warning 2020-02-10 13:54:17 +01:00
gpu Merge tag 'amd-drm-fixes-5.6-2020-03-05' of git://people.freedesktop.org/~agd5f/linux into drm-fixes 2020-03-06 11:06:33 +10:00
greybus
hid HID: hyperv: NULL check before some freeing functions is not needed. 2020-03-05 14:17:11 +00:00
hsi
hv - Most of the commits here are work to enable host-initiated hibernation 2020-02-03 14:42:03 +00:00
hwmon hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() 2020-03-03 12:42:55 -08:00
hwspinlock
hwtracing
i2c i2c: altera: Fix potential integer overflow 2020-02-13 09:29:30 +01:00
i3c
ide scsi: compat_ioctl: cdrom: Replace .ioctl with .compat_ioctl in four appropriate places 2020-02-24 15:06:07 -05:00
idle intel_idle: Introduce 'states_off' module parameter 2020-02-03 11:57:18 +01:00
iio chrome platform changes for 5.6 2020-02-04 07:17:41 +00:00
infiniband Second RDMA 5.6 pull request 2020-03-07 19:52:55 -06:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2020-02-15 16:49:25 -08:00
interconnect interconnect: Handle memory allocation errors 2020-03-03 08:02:57 +01:00
iommu iommu/arm-smmu: Restore naming of driver parameter prefix 2020-02-19 12:03:21 +01:00
ipack
irqchip irqchip/gic-v4.1: Avoid 64bit division for the sake of 32bit ARM 2020-02-09 15:47:37 -08:00
isdn proc: convert everything to "struct proc_ops" 2020-02-04 03:05:26 +00:00
leds
lightnvm
macintosh macintosh: therm_windtunnel: fix regression when instantiating devices 2020-02-29 21:13:22 +01:00
mailbox
mcb
md block-5.6-2020-03-07 2020-03-07 14:14:38 -06:00
media media: mc-entity.c: use & to check pad flags, not == 2020-02-24 15:10:04 +01:00
memory
memstick
message
mfd chrome platform changes for 5.6 2020-02-04 07:17:41 +00:00
misc altera-stapl: altera_get_note: prevent write beyond end of 'key' 2020-03-03 08:02:57 +01:00
mmc
mtd treewide: remove redundant IS_ERR() before error code check 2020-02-04 03:05:27 +00:00
mux
net net: dsa: mv88e6xxx: Fix masking of egress port 2020-02-27 12:29:09 -08:00
nfc nfc: pn544: Fix occasional HW initialization failure 2020-02-19 11:09:27 -08:00
ntb
nubus
nvdimm mm: Cleanup __put_devmap_managed_page() vs ->page_free() 2020-01-31 10:30:37 -08:00
nvme nvme-pci: Hold cq_poll_lock while completing CQEs 2020-02-28 01:32:14 +09:00
nvmem Merge branch 'i2c/for-5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2020-02-07 12:54:13 -08:00
of ARM: SoC-related driver updates 2020-02-08 14:04:19 -08:00
opp
oprofile
parisc proc: convert everything to "struct proc_ops" 2020-02-04 03:05:26 +00:00
parport
pci PCI: brcmstb: Fix build on 32bit ARM platforms with older compilers 2020-02-27 08:06:20 -06:00
pcmcia
perf drivers/perf: arm_pmu_acpi: Fix incorrect checking of gicc pointer 2020-03-02 12:07:35 +00:00
phy phy: for 5.6-rc 2020-03-04 13:28:52 +01:00
pinctrl pinctrl: fix pxa2xx.c build warnings 2020-02-04 03:05:24 +00:00
platform platform/chrome: wilco_ec: Include asm/unaligned instead of linux/ path 2020-02-11 09:10:36 +01:00
pnp proc: convert everything to "struct proc_ops" 2020-02-04 03:05:26 +00:00
power ARM: SoC platform updates 2020-02-08 13:55:25 -08:00
powercap
pps
ps3
ptp
pwm
rapidio
ras
regulator regulator: Fixes for v5.6 2020-03-06 14:48:30 -06:00
remoteproc
reset reset: intel: add unspecified HAS_IOMEM dependency 2020-02-10 11:11:55 +01:00
rpmsg
rtc chrome platform changes for 5.6 2020-02-04 07:17:41 +00:00
s390 SCSI fixes on 20200229 2020-02-29 09:58:47 -06:00
sbus
scsi scsi: compat_ioctl: cdrom: Replace .ioctl with .compat_ioctl in four appropriate places 2020-02-24 15:06:07 -05:00
sfi
sh
siox
slimbus
soc i.MX fixes for 5.6: 2020-02-24 09:57:05 -08:00
soundwire
spi spi: Fixes for v5.6 2020-03-06 14:50:16 -06:00
spmi spmi: pmic-arb: Set lockdep class for hierarchical irq domains 2020-02-10 13:16:04 +01:00
ssb
staging TTY/Serial fixes for 5.6-rc5 2020-03-08 10:35:04 -05:00
target scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session" 2020-02-14 17:13:54 -05:00
tc The main MIPS changes for 5.6: 2020-01-31 11:28:31 -08:00
tee arm64: dts: agilex: fix gmac compatible 2020-03-03 16:40:56 -08:00
thermal - Fix a SEVERE docs build failure for cpu idle cooling device (Randy Dunlap) 2020-01-31 14:39:21 -08:00
thunderbolt thunderbolt: Prevent crash if non-active NVMem file is read 2020-02-13 04:59:30 -08:00
tty tty: serial: fsl_lpuart: free IDs allocated by IDA 2020-03-06 14:10:44 +01:00
uio
usb usb: dwc3: gadget: Update chain bit correctly when using sg list 2020-03-04 10:58:16 +01:00
vfio VFIO updates for v5.6-rc1 2020-02-03 22:22:05 +00:00
vhost vhost: Check docket sk_family instead of call getname 2020-02-22 21:41:42 -08:00
video ARM: SoC fixes 2020-03-08 17:36:22 -07:00
virt
virtio virtio_balloon: Fix memory leaks on errors in virtballoon_probe() 2020-02-06 03:40:27 -05:00
visorbus
vlynq
vme Char/Misc driver changes for 5.6-rc1 2020-01-29 10:35:54 -08:00
w1 Char/Misc driver changes for 5.6-rc1 2020-01-29 10:35:54 -08:00
watchdog ACPI fixes for 5.6-rc4 2020-02-28 09:02:18 -08:00
xen xen/xenbus: fix locking 2020-03-05 09:42:23 -06:00
zorro Kbuild updates for v5.6 (2nd) 2020-02-09 16:05:50 -08:00
Kconfig
Makefile