linux/block
Yanfei Xu 81ec07b6b9 UPSTREAM: blkcg: fix memory leak in blk_iolatency_init
BUG: memory leak
unreferenced object 0xffff888129acdb80 (size 96):
  comm "syz-executor.1", pid 12661, jiffies 4294962682 (age 15.220s)
  hex dump (first 32 bytes):
    20 47 c9 85 ff ff ff ff 20 d4 8e 29 81 88 ff ff   G...... ..)....
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff82264ec8>] kmalloc include/linux/slab.h:591 [inline]
    [<ffffffff82264ec8>] kzalloc include/linux/slab.h:721 [inline]
    [<ffffffff82264ec8>] blk_iolatency_init+0x28/0x190 block/blk-iolatency.c:724
    [<ffffffff8225b8c4>] blkcg_init_queue+0xb4/0x1c0 block/blk-cgroup.c:1185
    [<ffffffff822253da>] blk_alloc_queue+0x22a/0x2e0 block/blk-core.c:566
    [<ffffffff8223b175>] blk_mq_init_queue_data block/blk-mq.c:3100 [inline]
    [<ffffffff8223b175>] __blk_mq_alloc_disk+0x25/0xd0 block/blk-mq.c:3124
    [<ffffffff826a9303>] loop_add+0x1c3/0x360 drivers/block/loop.c:2344
    [<ffffffff826a966e>] loop_control_get_free drivers/block/loop.c:2501 [inline]
    [<ffffffff826a966e>] loop_control_ioctl+0x17e/0x2e0 drivers/block/loop.c:2516
    [<ffffffff81597eec>] vfs_ioctl fs/ioctl.c:51 [inline]
    [<ffffffff81597eec>] __do_sys_ioctl fs/ioctl.c:874 [inline]
    [<ffffffff81597eec>] __se_sys_ioctl fs/ioctl.c:860 [inline]
    [<ffffffff81597eec>] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:860
    [<ffffffff843fa745>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff843fa745>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

Once blk_throtl_init() queue init fails, blkcg_iolatency_exit() will
not be invoked for cleanup. That leads to a memory leak. Swapping the
blk_throtl_init() and blk_iolatency_init() calls can solve this.

Reported-by: syzbot+01321b15cc98e6bf96d6@syzkaller.appspotmail.com
Fixes: 19688d7f95 (block/blk-cgroup: Swap the blk_throtl_init() and blk_iolatency_init() calls)
Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
Acked-by: Tejun Heo <tj@kernel.org>
Link: https://lore.kernel.org/r/20210915072426.4022924-1-yanfei.xu@windriver.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
(cherry picked from commit 6f5ddde410)
Bug: 187129171
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: Iab43b3eb06493e8200b7796f957932f6f37e1a3d
2022-02-11 17:30:24 -08:00
partitions partitions: msdos: fix one-byte get_unaligned() 2021-07-20 16:05:39 +02:00
badblocks.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
bfq-cgroup.c bfq: fix blkio cgroup leakage v4 2020-08-18 07:48:08 -07:00
bfq-iosched.c This is the 5.10.71 stable release 2021-10-06 17:33:06 +02:00
bfq-iosched.h bfq: fix blkio cgroup leakage v4 2020-08-18 07:48:08 -07:00
bfq-wf2q.c bfq: fix blkio cgroup leakage v4 2020-08-18 07:48:08 -07:00
bio-integrity.c block: make function __bio_integrity_free() static 2020-07-02 12:38:18 -06:00
bio.c bio: fix page leak bio_add_hw_page failure 2021-09-15 09:50:47 +02:00
blk-cgroup-rwstat.c blk-cgroup: Fix the recursive blkg rwstat 2021-03-30 14:31:48 +02:00
blk-cgroup-rwstat.h
blk-cgroup.c UPSTREAM: blkcg: fix memory leak in blk_iolatency_init 2022-02-11 17:30:24 -08:00
blk-core.c ANDROID: block: export tracepoints 2021-11-18 08:19:22 +00:00
blk-crypto-fallback.c Merge commit 382625d0d4 ("Merge tag 'for-5.9/block-20200802' of git://git.kernel.dk/linux-block") into android-mainline 2020-08-06 10:07:17 -07:00
blk-crypto-internal.h block: make blk_crypto_rq_bio_prep() able to fail 2020-10-05 10:47:43 -06:00
blk-crypto.c This is the 5.10.65 stable release 2021-09-15 14:16:47 +02:00
blk-exec.c
blk-flush.c blk-mq: fix is_flush_rq 2021-09-12 08:58:27 +02:00
blk-integrity.c block: flush the integrity workqueue in blk_integrity_unregister 2021-09-30 10:11:06 +02:00
blk-ioc.c block: remove retry loop in ioc_release_fn() 2020-07-16 10:22:15 -06:00
blk-iocost.c blk-iocost: fix lockdep warning on blkcg->lock 2021-09-03 10:09:22 +02:00
blk-iolatency.c blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() 2021-08-12 13:22:08 +02:00
blk-ioprio.c FROMGIT: block: Introduce the ioprio rq-qos policy 2021-07-01 22:31:51 -07:00
blk-ioprio.h FROMGIT: block: Introduce the ioprio rq-qos policy 2021-07-01 22:31:51 -07:00
blk-lib.c block: add a bdev_is_partition helper 2020-09-25 08:18:57 -06:00
blk-map.c block: fix bmd->is_null_mapped initialization 2020-09-23 09:18:39 -06:00
blk-merge.c block: return ELEVATOR_DISCARD_MERGE if possible 2021-09-15 09:50:28 +02:00
blk-mq-cpumap.c blk-mq: remove the calling of local_memory_node() 2020-10-20 07:08:17 -06:00
blk-mq-debugfs-zoned.c
blk-mq-debugfs.c This is the 5.10.76 stable release 2021-10-27 10:43:17 +02:00
blk-mq-debugfs.h
blk-mq-pci.c
blk-mq-rdma.c
blk-mq-sched.c Revert "treewide: Change list_sort to use const pointers" 2021-10-04 11:07:40 +02:00
blk-mq-sched.h block-5.10-2020-10-12 2020-10-13 12:12:44 -07:00
blk-mq-sysfs.c blk-mq: move cancel of hctx->run_work to the front of blk_exit_queue 2020-10-09 12:46:28 -06:00
blk-mq-tag.c blk-mq: avoid to iterate over stale request 2021-09-30 10:11:05 +02:00
blk-mq-tag.h blk-mq: clear stale request in tags->rq[] before freeing one request pool 2021-07-14 16:55:58 +02:00
blk-mq-virtio.c
blk-mq.c This is the 5.10.80 stable release 2021-11-19 11:50:41 +01:00
blk-mq.h blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter 2021-07-14 16:55:58 +02:00
blk-pm.c scsi: block: Fix a race in the runtime power management code 2021-01-06 14:56:50 +01:00
blk-pm.h ANDROID: Revert "scsi: block: Do not accept any requests while suspended" 2021-07-13 10:52:35 -07:00
blk-rq-qos.c rq-qos: fix missed wake-ups in rq_qos_throttle try two 2021-07-19 09:45:00 +02:00
blk-rq-qos.h This is the 5.10.50 stable release 2021-07-14 17:35:23 +02:00
blk-settings.c Revert "BACKPORT: bio: limit bio max size" 2021-05-11 09:34:37 -07:00
blk-stat.c blk-stat: make q->stats->lock irqsafe 2020-09-01 16:48:46 -06:00
blk-stat.h
blk-sysfs.c blk-mq: move cancel of hctx->run_work to the front of blk_exit_queue 2020-10-09 12:46:28 -06:00
blk-throttle.c blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() 2021-09-26 14:09:01 +02:00
blk-timeout.c block: blk-timeout: delete duplicated word 2020-07-31 16:29:47 -06:00
blk-wbt.c blk-wbt: make sure throttle is enabled properly 2021-07-14 16:56:12 +02:00
blk-wbt.h blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() 2021-07-14 16:56:12 +02:00
blk-zoned.c blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN 2021-09-18 13:40:06 +02:00
blk.h block: bump max plugged deferred size from 16 to 32 2021-11-18 14:03:57 +01:00
bounce.c block: make bio_crypt_clone() able to fail 2020-10-05 10:47:43 -06:00
bsg-lib.c block: drop double zeroing 2020-09-23 09:18:13 -06:00
bsg.c Merge 5.10.67 into android12-5.10-lts 2021-09-30 12:21:03 +02:00
cmdline-parser.c
elevator.c This is the 5.10.65 stable release 2021-09-15 14:16:47 +02:00
genhd.c block: Suppress uevent for hidden device when removed 2021-03-30 14:31:52 +02:00
ioctl.c block: return -EBUSY when there are open partitions in blkdev_reread_part 2021-04-28 13:39:59 +02:00
ioprio.c Revert "block: grant IOPRIO_CLASS_RT to CAP_SYS_NICE" 2020-10-24 17:30:14 +02:00
Kconfig FROMGIT: block: Introduce the ioprio rq-qos policy 2021-07-01 22:31:51 -07:00
Kconfig.iosched FROMGIT: block/mq-deadline: Add cgroup support 2021-07-01 22:31:54 -07:00
keyslot-manager.c UPSTREAM: block/keyslot-manager: introduce devm_blk_ksm_init() 2021-02-23 08:10:56 +01:00
kyber-iosched.c FROMGIT: blk-mq: Improve performance of non-mq IO schedulers with multiple HW queues 2021-07-01 22:31:49 -07:00
Makefile FROMGIT: block/mq-deadline: Add cgroup support 2021-07-01 22:31:54 -07:00
mq-deadline-cgroup.c FROMGIT: block/mq-deadline: Add cgroup support 2021-07-01 22:31:54 -07:00
mq-deadline-cgroup.h FROMGIT: block/mq-deadline: Add cgroup support 2021-07-01 22:31:54 -07:00
mq-deadline-main.c This is the 5.10.65 stable release 2021-09-15 14:16:47 +02:00
opal_proto.h
scsi_ioctl.c Revert "Revert "iov_iter: transparently handle compat iovecs in import_iovec"" 2020-11-02 09:27:36 +01:00
sed-opal.c
t10-pi.c