github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-07 05:55:44 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
c2da049f41
linux/drivers/block
History
Li Nan c2da049f41 nbd: fix null-ptr-dereference while accessing 'nbd->config' 
Memory reordering may occur in nbd_genl_connect(), causing config_refs
to be set to 1 while nbd->config is still empty. Opening nbd at this
time will cause null-ptr-dereference.

   T1                      T2
   nbd_open
    nbd_get_config_unlocked
                 	   nbd_genl_connect
                 	    nbd_alloc_and_init_config
                 	     //memory reordered
                  	     refcount_set(&nbd->config_refs, 1)  // 2
     nbd->config
      ->null point
			     nbd->config = config  // 1

Fix it by adding smp barrier to guarantee the execution sequence.

Signed-off-by: Li Nan <linan122@huawei.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20231116162316.1740402-4-linan666@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2023-11-20 10:16:44 -07:00
..
aoe aoe: replace strncpy with strscpy 2023-10-03 18:23:48 -06:00
drbd hardening updates for v6.7-rc1 2023-10-30 19:09:55 -10:00
mtip32xx block: replace fmode_t with a block-specific type for block open flags 2023-06-12 08:04:05 -06:00
null_blk null_blk: replace strncpy with strscpy 2023-10-03 18:23:02 -06:00
rnbd rnbd-srv: Convert to use bdev_open_by_path() 2023-10-28 13:29:17 +02:00
xen-blkback xen/blkback: Convert to bdev_open_by_dev() 2023-10-28 13:29:17 +02:00
zram zram: Convert to use bdev_open_by_dev() 2023-10-28 13:29:17 +02:00
amiflop.c amiflop: don't call fsync_bdev in FDFMTBEG 2023-08-21 14:35:31 +02:00
ataflop.c block: move bdev_mark_dead out of disk_check_media_change 2023-10-28 13:29:23 +02:00
brd.c brd: use cond_resched instead of cond_resched_rcu 2023-06-14 11:13:07 -06:00
floppy.c block: move bdev_mark_dead out of disk_check_media_change 2023-10-28 13:29:23 +02:00
Kconfig block: ublk: switch to ioctl command encoding 2023-04-18 20:13:30 -06:00
loop.c v6.6-vfs.super 2023-08-28 11:04:18 -07:00
Makefile Revert "pktcdvd: remove driver." 2023-01-04 14:44:13 -07:00
n64cart.c block: remove blk_cleanup_disk 2022-06-28 06:33:15 -06:00
nbd.c nbd: fix null-ptr-dereference while accessing 'nbd->config' 2023-11-20 10:16:44 -07:00
pktcdvd.c pktcdvd: Convert to bdev_open_by_dev() 2023-10-28 13:29:17 +02:00
ps3disk.c block: remove blk_cleanup_disk 2022-06-28 06:33:15 -06:00
ps3vram.c ps3vram: remove bio splitting 2023-01-29 15:18:35 -07:00
rbd_types.h
rbd.c rbd: take header_rwsem in rbd_dev_refresh() only when updating 2023-09-26 10:33:19 +02:00
sunvdc.c block: replace fmode_t with a block-specific type for block open flags 2023-06-12 08:04:05 -06:00
swim_asm.S
swim.c swim: fix a missing FMODE_ -> BLK_OPEN_ conversion in floppy_open 2023-06-20 07:16:04 -06:00
swim3.c swim3: mark swim3_init() static 2023-08-10 08:32:59 -06:00
ublk_drv.c block: ublk_drv: Remove unused function 2023-10-19 05:24:02 -06:00
virtio_blk.c vhost,virtio,vdpa: features, fixes, cleanups 2023-11-05 09:02:32 -10:00
xen-blkfront.c for-6.5/block-2023-06-23 2023-06-26 12:47:20 -07:00
z2ram.c block: replace fmode_t with a block-specific type for block open flags 2023-06-12 08:04:05 -06:00