forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/drivers
History
Liang Chen ecfc882f64 bcache: fix a race between cache register and cacheset unregister 
commit a4b732a248 upstream.

There is a race between cache device register and cache set unregister.
For an already registered cache device, register_bcache will call
bch_is_open to iterate through all cachesets and check every cache
there. The race occurs if cache_set_free executes at the same time and
clears the caches right before ca is dereferenced in bch_is_open_cache.
To close the race, let's make sure the clean up work is protected by
the bch_register_lock as well.

This issue can be reproduced as follows,
while true; do echo /dev/XXX> /sys/fs/bcache/register ; done&
while true; do echo 1> /sys/block/XXX/bcache/set/unregister ; done &

and results in the following oops,

[  +0.000053] BUG: unable to handle kernel NULL pointer dereference at 0000000000000998
[  +0.000457] #PF error: [normal kernel read fault]
[  +0.000464] PGD 800000003ca9d067 P4D 800000003ca9d067 PUD 3ca9c067 PMD 0
[  +0.000388] Oops: 0000 [#1] SMP PTI
[  +0.000269] CPU: 1 PID: 3266 Comm: bash Not tainted 5.0.0+ #6
[  +0.000346] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.fc28 04/01/2014
[  +0.000472] RIP: 0010:register_bcache+0x1829/0x1990 [bcache]
[  +0.000344] Code: b0 48 83 e8 50 48 81 fa e0 e1 10 c0 0f 84 a9 00 00 00 48 89 c6 48 89 ca 0f b7 ba 54 04 00 00 4c 8b 82 60 0c 00 00 85 ff 74 2f <49> 3b a8 98 09 00 00 74 4e 44 8d 47 ff 31 ff 49 c1 e0 03 eb 0d
[  +0.000839] RSP: 0018:ffff92ee804cbd88 EFLAGS: 00010202
[  +0.000328] RAX: ffffffffc010e190 RBX: ffff918b5c6b5000 RCX: ffff918b7d8e0000
[  +0.000399] RDX: ffff918b7d8e0000 RSI: ffffffffc010e190 RDI: 0000000000000001
[  +0.000398] RBP: ffff918b7d318340 R08: 0000000000000000 R09: ffffffffb9bd2d7a
[  +0.000385] R10: ffff918b7eb253c0 R11: ffffb95980f51200 R12: ffffffffc010e1a0
[  +0.000411] R13: fffffffffffffff2 R14: 000000000000000b R15: ffff918b7e232620
[  +0.000384] FS:  00007f955bec2740(0000) GS:ffff918b7eb00000(0000) knlGS:0000000000000000
[  +0.000420] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  +0.000801] CR2: 0000000000000998 CR3: 000000003cad6000 CR4: 00000000001406e0
[  +0.000837] Call Trace:
[  +0.000682]  ? _cond_resched+0x10/0x20
[  +0.000691]  ? __kmalloc+0x131/0x1b0
[  +0.000710]  kernfs_fop_write+0xfa/0x170
[  +0.000733]  __vfs_write+0x2e/0x190
[  +0.000688]  ? inode_security+0x10/0x30
[  +0.000698]  ? selinux_file_permission+0xd2/0x120
[  +0.000752]  ? security_file_permission+0x2b/0x100
[  +0.000753]  vfs_write+0xa8/0x1a0
[  +0.000676]  ksys_write+0x4d/0xb0
[  +0.000699]  do_syscall_64+0x3a/0xf0
[  +0.000692]  entry_SYSCALL_64_after_hwframe+0x44/0xa9

Signed-off-by: Liang Chen <liangchen.linux@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-22 07:37:43 +02:00
..
accessibility
acpi ACPI: PM: Set enable_for_wake for wakeup GPEs during suspend-to-idle 2019-05-22 07:37:41 +02:00
amba
android binder: fix handling of misaligned binder object 2019-05-02 09:58:56 +02:00
ata libata: fix using DMA buffers on stack 2019-05-04 09:20:21 +02:00
atm atm: he: fix sign-extension overflow on large shift 2019-02-27 10:08:57 +01:00
auxdisplay auxdisplay: hd44780: Fix memory leak on ->remove() 2019-04-20 09:15:55 +02:00
base x86/speculation/mds: Add sysfs reporting for MDS 2019-05-14 19:17:56 +02:00
bcma
block virtio-blk: limit number of hw queues by nr_cpu_ids 2019-05-10 17:54:09 +02:00
bluetooth Bluetooth: mediatek: fix up an error path to restore bdev->tx_state 2019-05-08 07:21:52 +02:00
bus
cdrom cdrom: Fix race condition in cdrom_sysctl_register 2019-04-05 22:33:10 +02:00
char ipmi: ipmi_si_hardcode.c: init si_type array to fix a crash 2019-05-16 19:41:23 +02:00
clk clk: meson-gxbb: round the vdec dividers to closest 2019-05-10 17:54:06 +02:00
clocksource clocksource/drivers/oxnas: Fix OX820 compatible 2019-05-16 19:41:21 +02:00
connector connector: fix unsafe usage of ->real_parent 2019-03-19 13:12:38 +01:00
cpufreq x86/cpu: Sanitize FAM6_ATOM naming 2019-05-14 19:17:53 +02:00
cpuidle cpuidle: big.LITTLE: fix refcount leak 2019-02-12 19:47:08 +01:00
crypto crypto: ccree - handle tee fips error during power management resume 2019-05-22 07:37:40 +02:00
dax mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses 2019-05-22 07:37:40 +02:00
dca
devfreq
dio
dma dmaengine: sh: rcar-dmac: Fix glitch in dmaengine_tx_status 2019-05-02 09:58:55 +02:00
dma-buf
edac x86/cpu: Sanitize FAM6_ATOM naming 2019-05-14 19:17:53 +02:00
eisa
extcon
firewire
firmware efi: Fix debugobjects warning on 'efi_rts_work' 2019-05-08 07:21:44 +02:00
fmc
fpga fpga: altera-cvp: fix 'bad IO access' on x86_64 2019-02-12 19:46:59 +01:00
fsi fsi: master-ast-cf: select GENERIC_ALLOCATOR 2018-12-17 09:24:35 +01:00
gnss gnss: sirf: fix premature wakeup interrupt enable 2019-03-10 07:17:21 +01:00
gpio gpio: mxc: add check to return defer probe if clock tree NOT ready 2019-05-08 07:21:53 +02:00
gpu drm/sun4i: Unbind components before releasing DRM and memory 2019-05-16 19:41:25 +02:00
hid HID: input: add mapping for "Toggle Display" key 2019-05-16 19:41:19 +02:00
hsi
hv Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() 2019-05-10 17:54:04 +02:00
hwmon hwmon: (pwm-fan) Disable PWM if fetching cooling data fails 2019-05-16 19:41:18 +02:00
hwspinlock
hwtracing intel_th: pci: Add Comet Lake support 2019-05-10 17:54:10 +02:00
i2c i2c: i2c-stm32f7: Fix SDADEL minimum formula 2019-05-08 07:21:55 +02:00
ide ide: fix a typo in the settings proc file name 2019-01-31 08:14:42 +01:00
idle x86/cpu: Sanitize FAM6_ATOM naming 2019-05-14 19:17:53 +02:00
iio iio: adc: xilinx: prevent touching unclocked h/w on remove 2019-05-16 19:41:19 +02:00
infiniband RDMA/hns: Bugfix for mapping user db 2019-05-16 19:41:25 +02:00
input Input: synaptics-rmi4 - fix possible double free 2019-05-16 19:41:25 +02:00
iommu iommu/amd: Set exclusion range correctly 2019-05-10 17:54:10 +02:00
ipack
irqchip MIPS: perf: ath79: Fix perfcount IRQ assignment 2019-05-16 19:41:24 +02:00
isdn isdn: bas_gigaset: use usb_fill_int_urb() properly 2019-05-16 19:41:31 +02:00
leds leds: trigger: netdev: use memcpy in device_name_store 2019-05-04 09:20:22 +02:00
lightnvm lightnvm: pblk: add lock protection to list operations 2019-02-12 19:47:08 +01:00
macintosh
mailbox mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue 2019-03-23 20:09:49 +01:00
mcb
md bcache: fix a race between cache register and cacheset unregister 2019-05-22 07:37:43 +02:00
media media: v4l2: i2c: ov7670: Fix PLL bypass register values 2019-05-08 07:21:55 +02:00
memory
memstick memstick: Prevent memstick host from getting runtime suspended during card detection 2019-02-12 19:47:10 +01:00
message
mfd mfd: twl-core: Disable IRQ while suspended 2019-05-08 07:21:48 +02:00
misc lkdtm: Add tests for NULL pointer dereference 2019-04-20 09:16:04 +02:00
mmc mmc: core: Fix tag set memory leak 2019-05-22 07:37:37 +02:00
mtd mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write 2019-05-22 07:37:41 +02:00
mux
net tuntap: synchronize through tfiles array instead of tun->numqueues 2019-05-16 19:41:30 +02:00
nfc spi: ST ST95HF NFC: declare missing of table 2019-05-16 19:41:25 +02:00
ntb
nubus
nvdimm libnvdimm/pmem: fix a possible OOB access when read and write pmem 2019-05-16 19:41:20 +02:00
nvme nvme-fc: correct csn initialization and increments on error 2019-05-10 17:54:09 +02:00
nvmem nvmem: check the return value of nvmem_add_cells() 2018-11-13 11:08:35 -08:00
of of: overlay: do not duplicate properties from overlay for new nodes 2019-02-06 17:30:16 +01:00
opp OPP: Use opp_table->regulators to verify no regulator case 2019-02-12 19:47:08 +01:00
oprofile
parisc
parport parport_pc: fix find_superio io compare code, should use equal test. 2019-03-23 20:10:05 +01:00
pci PCI: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary 2019-05-16 19:41:32 +02:00
pcmcia pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges 2018-11-13 11:08:17 -08:00
perf perf/aux: Make perf_event accessible to setup_aux() 2019-04-05 22:33:11 +02:00
phy phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs 2019-04-03 06:26:27 +02:00
pinctrl pinctrl: core: make sure strcmp() doesn't get a null parameter 2019-04-20 09:16:01 +02:00
platform platform/x86: dell-laptop: fix rfkill functionality 2019-05-16 19:41:18 +02:00
pnp
power power: supply: axp288_fuel_gauge: Add ACEPC T8 and T11 mini PCs to the blacklist 2019-05-22 07:37:35 +02:00
powercap x86/cpu: Sanitize FAM6_ATOM naming 2019-05-14 19:17:53 +02:00
pps
ps3
ptp ptp: Fix pass zero to ERR_PTR() in ptp_clock_register 2019-02-12 19:47:01 +01:00
pwm
rapidio
ras
regulator regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting 2019-04-05 22:33:15 +02:00
remoteproc remoteproc: qcom: q6v5: Propagate EPROBE_DEFER 2018-11-13 11:08:52 -08:00
reset reset: meson-audio-arb: Fix missing .owner setting of reset_controller_dev 2019-05-08 07:21:47 +02:00
rpmsg rpmsg: smd: fix memory leak on channel create 2018-11-13 11:08:55 -08:00
rtc rtc: da9063: set uie_unsupported when relevant 2019-05-08 07:21:49 +02:00
s390 s390: ctcm: fix ctcm_new_device error return code 2019-05-16 19:41:24 +02:00
sbus drivers/sbus/char: add of_node_put() 2018-12-21 14:15:17 +01:00
scsi scsi: aic7xxx: fix EISA support 2019-05-16 19:41:23 +02:00
sfi
sh
siox
slimbus slimbus: ngd: mark PM functions as __maybe_unused 2018-12-19 19:19:49 +01:00
sn
soc soc: sunxi: Fix missing dependency on REGMAP_MMIO 2019-05-10 17:54:10 +02:00
soundwire
spi spi: pxa2xx: Setup maximum supported DMA transfer length 2019-03-23 20:09:57 +01:00
spmi
ssb
staging staging: most: cdev: fix chrdev_region leak in mod_exit 2019-05-10 17:54:05 +02:00
target scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock 2019-03-23 20:09:59 +01:00
tc TC: Set DMA masks for devices 2018-11-13 11:08:51 -08:00
tee tee: optee: avoid possible double list_del() 2019-02-12 19:47:08 +01:00
thermal x86/cpu: Sanitize FAM6_ATOM naming 2019-05-14 19:17:53 +02:00
thunderbolt thunderbolt: Prevent root port runtime suspend during NVM upgrade 2018-12-17 09:24:36 +01:00
tty tty/vt: fix write/write race in ioctl(KDSKBSENT) handler 2019-05-22 07:37:41 +02:00
uio uio: Fix an Oops on load 2018-11-27 16:13:09 +01:00
usb usb: typec: Fix unchecked return value 2019-05-16 19:41:26 +02:00
uwb
vfio vfio/pci: use correct format characters 2019-05-08 07:21:49 +02:00
vhost vhost: reject zero size iova range 2019-04-27 09:36:31 +02:00
video backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial state 2019-04-05 22:33:13 +02:00
virt drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl 2019-05-16 19:41:31 +02:00
virtio virtio_pci: fix a NULL pointer reference in vp_del_vqs 2019-05-10 17:54:08 +02:00
visorbus
vlynq
vme
w1 USB: w1 ds2490: Fix bug caused by improper use of altsetting array 2019-05-08 07:21:43 +02:00
watchdog watchdog: mt7621_wdt/rt2880_wdt: Fix compilation problem 2019-02-27 10:08:52 +01:00
xen fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock 2019-05-08 07:21:51 +02:00
zorro
Kconfig
Makefile