korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-13 14:24:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
linux-6.9.y
linux/drivers/ata
History
Niklas Cassel 8106da4d88 ata: libata-core: Fix double free on error 
commit ab9e0c529e upstream.

If e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump
to the err_out label, which will call devres_release_group().
devres_release_group() will trigger a call to ata_host_release().
ata_host_release() calls kfree(host), so executing the kfree(host) in
ata_host_alloc() will lead to a double free:

kernel BUG at mm/slub.c:553!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
CPU: 11 PID: 599 Comm: (udev-worker) Not tainted 6.10.0-rc5 #47
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014
RIP: 0010:kfree+0x2cf/0x2f0
Code: 5d 41 5e 41 5f 5d e9 80 d6 ff ff 4d 89 f1 41 b8 01 00 00 00 48 89 d9 48 89 da
RSP: 0018:ffffc90000f377f0 EFLAGS: 00010246
RAX: ffff888112b1f2c0 RBX: ffff888112b1f2c0 RCX: ffff888112b1f320
RDX: 000000000000400b RSI: ffffffffc02c9de5 RDI: ffff888112b1f2c0
RBP: ffffc90000f37830 R08: 0000000000000000 R09: 0000000000000000
R10: ffffc90000f37610 R11: 617461203a736b6e R12: ffffea00044ac780
R13: ffff888100046400 R14: ffffffffc02c9de5 R15: 0000000000000006
FS:  00007f2f1cabe980(0000) GS:ffff88813b380000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2f1c3acf75 CR3: 0000000111724000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
 <TASK>
 ? __die_body.cold+0x19/0x27
 ? die+0x2e/0x50
 ? do_trap+0xca/0x110
 ? do_error_trap+0x6a/0x90
 ? kfree+0x2cf/0x2f0
 ? exc_invalid_op+0x50/0x70
 ? kfree+0x2cf/0x2f0
 ? asm_exc_invalid_op+0x1a/0x20
 ? ata_host_alloc+0xf5/0x120 [libata]
 ? ata_host_alloc+0xf5/0x120 [libata]
 ? kfree+0x2cf/0x2f0
 ata_host_alloc+0xf5/0x120 [libata]
 ata_host_alloc_pinfo+0x14/0xa0 [libata]
 ahci_init_one+0x6c9/0xd20 [ahci]

Ensure that we will not call kfree(host) twice, by performing the kfree()
only if the devres_open_group() call failed.

Fixes: dafd6c4963 ("libata: ensure host is free'd on error exit paths")
Cc: stable@vger.kernel.org
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Link: https://lore.kernel.org/r/20240629124210.181537-9-cassel@kernel.org
Signed-off-by: Niklas Cassel <cassel@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-07-05 09:38:15 +02:00
..
pata_parport ata: pata_parport: make pata_parport_bus_type const 2024-02-06 10:41:57 +01:00
acard-ahci.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
ahci_brcm.c ata: libata: Make ata_platform_remove_one return void 2023-05-15 06:49:39 +09:00
ahci_ceva.c ata: ahci_ceva: fix error handling for Xilinx GT PHY support 2024-02-19 10:44:37 +01:00
ahci_da850.c ata: libata: Make ata_platform_remove_one return void 2023-05-15 06:49:39 +09:00
ahci_dm816.c ata: libata: Make ata_platform_remove_one return void 2023-05-15 06:49:39 +09:00
ahci_dwc.c ata: Explicitly include correct DT includes 2023-08-02 17:37:05 +09:00
ahci_imx.c ata: imx: Use device_get_match_data() 2023-10-11 17:54:05 +09:00
ahci_mtk.c ata: Explicitly include correct DT includes 2023-08-02 17:37:05 +09:00
ahci_mvebu.c ata: Explicitly include correct DT includes 2023-08-02 17:37:05 +09:00
ahci_octeon.c ata: ahci_octeon: Convert to devm_platform_ioremap_resource() 2023-08-02 17:37:06 +09:00
ahci_platform.c driver core changes for 6.5-rc1 2023-07-03 12:56:23 -07:00
ahci_qoriq.c ata: fix debounce timings type 2023-08-02 17:37:06 +09:00
ahci_seattle.c ata: ahci_seattle: Convert to devm_platform_ioremap_resource() 2023-08-02 17:37:06 +09:00
ahci_st.c ata: ahci_st: Remove an unused field in struct st_ahci_drv_data 2024-04-02 12:18:15 +09:00
ahci_sunxi.c ata: Explicitly include correct DT includes 2023-08-02 17:37:05 +09:00
ahci_tegra.c ata: ahci_tegra: Convert to devm_platform_ioremap_resource() 2023-08-02 17:37:06 +09:00
ahci_xgene.c ata: xgene: Use of_device_get_match_data() 2023-10-11 17:53:37 +09:00
ahci.c ata: ahci: Clean up sysfs file on error 2024-07-05 09:38:15 +02:00
ahci.h ahci: clean up intel_pcs_quirk 2024-02-13 11:31:14 +01:00
ata_generic.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
ata_piix.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
Kconfig ata: ahci: Drop low power policy board type 2024-02-09 10:34:00 +01:00
libahci_platform.c ata: Explicitly include correct DT includes 2023-08-02 17:37:05 +09:00
libahci.c ahci: print the number of implemented ports 2024-02-21 19:13:43 +01:00
libata-acpi.c ata: make use of ata_port_is_frozen() helper 2022-10-18 13:53:27 +09:00
libata-core.c ata: libata-core: Fix double free on error 2024-07-05 09:38:15 +02:00
libata-eh.c scsi: sd: Fix TCG OPAL unlock on system resume 2024-03-25 15:46:12 -04:00
libata-pata-timings.c ata: separate PATA timings code from libata-core.c 2020-03-26 10:28:19 -06:00
libata-pmp.c ata: libata: add tracepoints for ATA error handling 2022-01-05 19:33:01 +09:00
libata-sata.c ata: libata-sata: improve sysfs description for ATA_LPM_UNKNOWN 2024-01-22 22:26:03 +01:00
libata-scsi.c ata: libata-scsi: Set the RMB bit only for removable media devices 2024-06-21 14:40:13 +02:00
libata-sff.c ata: ahci: print the lpm policy on boot 2023-10-03 09:39:49 +09:00
libata-trace.c ata: scsi: rename flag ATA_QCFLAG_FAILED to ATA_QCFLAG_EH 2023-01-04 13:36:26 +09:00
libata-transport.c ata: libata-core: Do not register PM operations for SAS ports 2023-09-28 21:23:14 +09:00
libata-transport.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
libata-zpodd.c libata: zpodd: Fix small read overflow in zpodd_get_mech_type() 2019-07-29 16:00:14 -06:00
libata.h ata: libata-scsi: Cleanup ata_scsi_start_stop_xlat() 2023-10-03 09:39:49 +09:00
Makefile ATA changes for 6.3-rc1 2023-02-22 13:35:51 -08:00
pata_acpi.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_ali.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_amd.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_arasan_cf.c ata: pata_arasan_cf: Convert to platform remove callback returning void 2023-08-02 17:53:09 +09:00
pata_artop.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_atiixp.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_atp867x.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_buddha.c ata: pata_buddha: Remove #include <asm/ide.h> 2023-08-24 08:09:59 +09:00
pata_cmd64x.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_cmd640.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_cs5520.c ata: ahci: print the lpm policy on boot 2023-10-03 09:39:49 +09:00
pata_cs5530.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_cs5535.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_cs5536.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_cypress.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_efar.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_ep93xx.c ata: pata_ep93xx: use soc_device_match for UDMA modes 2023-08-25 22:09:43 +09:00
pata_falcon.c ata: pata_falcon: Convert to platform remove callback returning void 2023-11-08 09:00:44 +09:00
pata_ftide010.c ata: pata_ftide010: Add missing MODULE_DESCRIPTION 2023-08-25 08:21:03 +09:00
pata_gayle.c ata: pata_gayle: Convert to platform remove callback returning void 2023-11-08 09:00:49 +09:00
pata_hpt3x2n.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_hpt3x3.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_hpt37x.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_hpt366.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_icside.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_imx.c ata: pata_imx: Use helper function devm_clk_get_enabled() 2023-08-17 07:45:32 +09:00
pata_isapnp.c ata: pata_isapnp: Add missing error check for devm_ioport_map() 2023-11-20 09:22:26 +09:00
pata_it821x.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_it8213.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_ixp4xx_cf.c ata: pata_ixp4xx: Remove unnecessary return value check 2023-08-02 17:37:06 +09:00
pata_jmicron.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_legacy.c ata: pata_legacy: make legacy_exit() work again 2024-06-16 13:50:56 +02:00
pata_macio.c ata: pata_macio: drop driver owner assignment 2024-04-01 07:52:17 +09:00
pata_marvell.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_mpc52xx.c ata: pata_mpc52xx: Convert to platform remove callback returning void 2023-08-02 17:55:49 +09:00
pata_mpiix.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_netcell.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_ninja32.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_ns87410.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_ns87415.c ata: pata_ns87415: mark ns87560_tf_read static 2023-07-28 08:52:42 +09:00
pata_octeon_cf.c ata: pata_octeon_cf: fix error return code in octeon_cf_probe() 2023-07-26 08:32:21 +09:00
pata_of_platform.c ata: libata: Make ata_platform_remove_one return void 2023-05-15 06:49:39 +09:00
pata_oldpiix.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_opti.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_optidma.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_pcmcia.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_pdc202xx_old.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_pdc2027x.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_piccolo.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_platform.c ata: libata: Make ata_platform_remove_one return void 2023-05-15 06:49:39 +09:00
pata_pxa.c ata: pata_pxa: convert not to use dma_request_slave_channel() 2023-11-20 09:28:25 +09:00
pata_radisys.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_rb532_cf.c ata: pata_rb532_cf: Convert to platform remove callback returning void 2023-08-02 17:55:52 +09:00
pata_rdc.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_rz1000.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_sc1200.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_sch.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_serverworks.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_sil680.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_sis.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_sl82c105.c ata: libata: remove deprecated EH callbacks 2023-08-02 17:45:42 +09:00
pata_triflex.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pata_via.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
pdc_adma.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
sata_dwc_460ex.c ata: sata_dwc_460ex: Convert to platform remove callback returning void 2023-08-02 17:55:52 +09:00
sata_fsl.c ata: sata_fsl: Convert to platform remove callback returning void 2023-08-02 17:55:52 +09:00
sata_gemini.c ata: sata_gemini: Check clk_enable() result 2024-04-04 12:42:00 +09:00
sata_gemini.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sata_highbank.c ata: fix debounce timings type 2023-08-02 17:37:06 +09:00
sata_inic162x.c ata: fix debounce timings type 2023-08-02 17:37:06 +09:00
sata_mv.c ata: sata_mv: Fix PCI device ID table declaration compilation warning 2024-04-04 11:34:02 +09:00
sata_nv.c ata: fix debounce timings type 2023-08-02 17:37:06 +09:00
sata_promise.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
sata_promise.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 18 2019-05-21 11:28:46 +02:00
sata_qstor.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
sata_rcar.c ata: sata_rcar: Convert to platform remove callback returning void 2023-08-02 17:55:52 +09:00
sata_sil24.c ata: sata_sil24: fix parameter type of sil24_exec_polled_cmd() 2023-08-02 17:37:07 +09:00
sata_sil.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
sata_sis.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
sata_svw.c ata: Use of_property_read_reg() to parse "reg" 2023-06-13 15:38:48 +09:00
sata_sx4.c ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit 2024-04-01 07:52:17 +09:00
sata_uli.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
sata_via.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
sata_vsc.c scsi: ata: Declare SCSI host templates const 2023-03-24 19:19:19 -04:00
sis.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00