linux/drivers
Li Nan e58f5142f8 ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()
When two UBLK_CMD_START_USER_RECOVERY commands are submitted, the
first one sets 'ubq->ubq_daemon' to NULL, and the second one triggers
WARN in ublk_queue_reinit() and subsequently a NULL pointer dereference
issue.

Fix it by adding the check in ublk_ctrl_start_recovery() and return
immediately in case of zero 'ub->nr_queues_ready'.

  BUG: kernel NULL pointer dereference, address: 0000000000000028
  RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180
  Call Trace:
   <TASK>
   ? __die+0x20/0x70
   ? page_fault_oops+0x75/0x170
   ? exc_page_fault+0x64/0x140
   ? asm_exc_page_fault+0x22/0x30
   ? ublk_ctrl_start_recovery.constprop.0+0x82/0x180
   ublk_ctrl_uring_cmd+0x4f7/0x6c0
   ? pick_next_task_idle+0x26/0x40
   io_uring_cmd+0x9a/0x1b0
   io_issue_sqe+0x193/0x3f0
   io_wq_submit_work+0x9b/0x390
   io_worker_handle_work+0x165/0x360
   io_wq_worker+0xcb/0x2f0
   ? finish_task_switch.isra.0+0x203/0x290
   ? finish_task_switch.isra.0+0x203/0x290
   ? __pfx_io_wq_worker+0x10/0x10
   ret_from_fork+0x2d/0x50
   ? __pfx_io_wq_worker+0x10/0x10
   ret_from_fork_asm+0x1a/0x30
   </TASK>

Fixes: c732a852b4 ("ublk_drv: add START_USER_RECOVERY and END_USER_RECOVERY support")
Reported-and-tested-by: Changhui Zhong <czhong@redhat.com>
Closes: https://lore.kernel.org/all/CAGVVp+UvLiS+bhNXV-h2icwX1dyybbYHeQUuH7RYqUvMQf6N3w@mail.gmail.com
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Li Nan <linan122@huawei.com>
Link: https://lore.kernel.org/r/20240904031348.4139545-1-ming.lei@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2024-09-04 07:15:38 -06:00
accel
accessibility
acpi Updates for the interrupt subsystem: 2024-07-22 13:52:05 -07:00
amba
android binder: fix hang of unregistered readers 2024-07-12 11:31:37 +02:00
ata Char/Misc and other driver changes for 6.11-rc1 2024-07-19 15:55:08 -07:00
atm
auxdisplay parport: Remove parport_driver.devmodel 2024-07-03 16:44:22 +02:00
base Switch ARM/ARM64 over to the modern per device MSI domains: 2024-07-22 14:02:19 -07:00
bcma
block ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() 2024-09-04 07:15:38 -06:00
bluetooth virtio: features, fixes, cleanups 2024-07-19 11:57:55 -07:00
bus Char/Misc and other driver changes for 6.11-rc1 2024-07-19 15:55:08 -07:00
cache
cdrom
cdx
char Char/Misc and other driver changes for 6.11-rc1 2024-07-19 15:55:08 -07:00
clk This a large collection of clk driver updates and a handful of new SoC 2024-07-19 12:16:28 -07:00
clocksource clocksource/drivers/realtek: Add timer driver for rtl-otto platforms 2024-07-12 16:07:06 +02:00
comedi
connector
counter Char/Misc and other driver changes for 6.11-rc1 2024-07-19 15:55:08 -07:00
cpufreq Power management updates for 6.11-rc1 2024-07-16 15:54:03 -07:00
cpuidle cpuidle: teo: Don't count non-existent intercepts 2024-07-01 18:58:55 +02:00
crypto ARM: 2024-07-20 12:41:03 -07:00
cxl
dax
dca dca: add missing MODULE_DESCRIPTION() macro 2024-07-03 16:40:41 +02:00
devfreq
dio
dma Char/Misc and other driver changes for 6.11-rc1 2024-07-19 15:55:08 -07:00
dma-buf - 875fa64577 ("mm/hugetlb_vmemmap: fix race with speculative PFN 2024-07-21 17:15:46 -07:00
dpll
edac - Make error checking of AMD SMN accesses more robust in the callers as 2024-07-15 19:53:07 -07:00
eisa
extcon
firewire firewire: core: move copy_port_status() helper function to TP_fast_assign() block 2024-07-12 14:34:12 +09:00
firmware LoongArch changes for v6.11 2024-07-22 13:44:22 -07:00
fpga
fsi
gnss
gpio virtio: features, fixes, cleanups 2024-07-19 11:57:55 -07:00
gpu - In the series "treewide: Refactor heap related implementation", 2024-07-21 17:56:22 -07:00
greybus greybus: add missing MODULE_DESCRIPTION() macros 2024-07-03 16:40:35 +02:00
hid for-linus-2024071601 2024-07-17 17:28:31 -07:00
hsi
hte
hv mm/memory_hotplug: initialize memmap of !ZONE_DEVICE with PageOffline() instead of PageReserved() 2024-07-03 19:30:18 -07:00
hwmon Char/Misc and other driver changes for 6.11-rc1 2024-07-19 15:55:08 -07:00
hwspinlock
hwtracing intel_th: msu-sink: add missing MODULE_DESCRIPTION() 2024-07-03 16:40:30 +02:00
i2c The I2C core gains documentation updates for the testunit, a cleanup 2024-07-19 16:46:26 -07:00
i3c
idle
iio Char/Misc and other driver changes for 6.11-rc1 2024-07-19 15:55:08 -07:00
infiniband IOMMU Updates for Linux v6.11 2024-07-19 09:59:58 -07:00
input Input updates for v6.11-rc0 2024-07-19 16:51:39 -07:00
interconnect Char/Misc and other driver changes for 6.11-rc1 2024-07-19 15:55:08 -07:00
iommu virtio: features, fixes, cleanups 2024-07-19 11:57:55 -07:00
ipack
irqchip Switch ARM/ARM64 over to the modern per device MSI domains: 2024-07-22 14:02:19 -07:00
isdn
leds - Core Frameworks 2024-07-17 17:51:30 -07:00
macintosh macintosh/therm_windtunnel: fix module unload. 2024-07-11 17:32:31 +10:00
mailbox
mcb mcb: remove unused struct 'mcb_parse_priv' 2024-07-03 16:41:48 +02:00
md md/raid1: Fix data corruption for degraded array with slow disk 2024-08-15 13:38:17 -07:00
media media updates for v6.11-rc1 2024-07-17 18:30:10 -07:00
memory
memstick memstick: rtsx_pci_ms: Remove Realtek PCI memstick driver 2024-07-08 10:59:06 +02:00
message
mfd - New Drivers 2024-07-17 17:42:20 -07:00
misc pci-v6.11-changes 2024-07-19 19:03:18 -07:00
mmc - New Drivers 2024-07-17 17:42:20 -07:00
most
mtd MTD changes: 2024-07-20 11:52:17 -07:00
mux
net Thermal control fix for 6.11-rc1 2024-07-22 12:13:48 -07:00
nfc
ntb
nubus
nvdimm 6.11 updates for libnvdimm 2024-07-20 11:26:02 -07:00
nvme nvme: Remove unused field 2024-08-22 13:28:40 -07:00
nvmem Char/Misc and other driver changes for 6.11-rc1 2024-07-19 15:55:08 -07:00
of IOMMU Updates for Linux v6.11 2024-07-19 09:59:58 -07:00
opp Merge branches 'pm-opp' and 'pm-tools' 2024-07-15 18:55:14 +02:00
parisc
parport dev/parport: fix the array out-of-bounds risk 2024-07-10 14:59:45 +02:00
pci Switch ARM/ARM64 over to the modern per device MSI domains: 2024-07-22 14:02:19 -07:00
pcmcia
peci
perf arm64 updates for 6.11: 2024-07-15 17:06:19 -07:00
phy USB/Thunderbolt updates for 6.11-rc1 2024-07-19 15:37:48 -07:00
pinctrl Pin control bulk changes for the v6.11 kernel series: 2024-07-21 10:25:59 -07:00
platform - added support for Realtek RTL9302C 2024-07-20 09:03:36 -07:00
pmdomain mdomain: Merge branch fixes into next 2024-07-09 13:12:41 +02:00
pnp
power power sequencing fixes for v6.11-rc1 2024-07-19 14:31:18 -07:00
powercap
pps parport: Remove parport_driver.devmodel 2024-07-03 16:44:22 +02:00
ps3
ptp Networking changes for 6.11. Not much excitement - a handful of large 2024-07-16 19:28:34 -07:00
pwm pwm: axi-pwmgen: add .max_register to regmap 2024-07-11 15:44:40 +02:00
rapidio
ras - The AMD memory controllers data fabric version 4.5 supports 2024-07-15 18:20:24 -07:00
regulator - New Drivers 2024-07-17 17:42:20 -07:00
remoteproc virtio: rename find_vqs_info() op to find_vqs() 2024-07-17 05:20:57 -04:00
reset soc: driver updates for 6.11 2024-07-16 11:35:27 -07:00
rpmsg virtio: rename virtio_find_vqs_info() to virtio_find_vqs() 2024-07-17 05:20:58 -04:00
rtc rtc: stm32: add new st,stm32mp25-rtc compatible and check RIF configuration 2024-07-10 17:15:33 +02:00
s390 s390/dasd: fix error recovery leading to data corruption on ESE devices 2024-08-12 10:31:08 -06:00
sbus sbus: add missing MODULE_DESCRIPTION() macros 2024-07-11 15:42:03 +02:00
scsi for-6.11/block-post-20240722 2024-07-22 11:04:09 -07:00
sh
siox
slimbus slimbus: Fix struct and documentation alignment in stream.c 2024-07-05 10:13:04 +02:00
soc sound updates for 6.11-rc1 2024-07-19 12:39:34 -07:00
soundwire sound updates for 6.11-rc1 2024-07-19 12:39:34 -07:00
spi Char/Misc and other driver changes for 6.11-rc1 2024-07-19 15:55:08 -07:00
spmi spmi: add missing MODULE_DESCRIPTION() macros 2024-07-12 10:44:53 +02:00
ssb
staging - In the series "treewide: Refactor heap related implementation", 2024-07-21 17:56:22 -07:00
target
tc
tee soc: driver updates for 6.11 2024-07-16 11:35:27 -07:00
thermal thermal: core: Allow thermal zones to tell the core to ignore them 2024-07-18 13:35:55 +02:00
thunderbolt
tty TTY/Serial updates for 6.11-rc1 2024-07-19 15:22:14 -07:00
ufs SCSI misc on 20240718 2024-07-19 10:56:58 -07:00
uio
usb pci-v6.11-changes 2024-07-19 19:03:18 -07:00
vdpa vdpa/mlx5: Don't enable non-active VQs in .set_vq_ready() 2024-07-09 08:42:51 -04:00
vfio powerpc updates for 6.11 2024-07-19 21:00:33 -07:00
vhost virtio: features, fixes, cleanups 2024-07-19 11:57:55 -07:00
video - 875fa64577 ("mm/hugetlb_vmemmap: fix race with speculative PFN 2024-07-21 17:15:46 -07:00
virt ARM: 2024-07-20 12:41:03 -07:00
virtio - 875fa64577 ("mm/hugetlb_vmemmap: fix race with speculative PFN 2024-07-21 17:15:46 -07:00
w1
watchdog - New Drivers 2024-07-17 17:42:20 -07:00
xen - 875fa64577 ("mm/hugetlb_vmemmap: fix race with speculative PFN 2024-07-21 17:15:46 -07:00
zorro
Kconfig
Makefile