linux/drivers
Mikulas Patocka 12e6e9c2a5 block: fix a probe argument to blk_register_region
commit a207f59376 upstream.

The probe function is supposed to return NULL on failure (as we can see in
kobj_lookup: kobj = probe(dev, index, data); ... if (kobj) return kobj;).

However, in loop and brd, it returns a negative error from ERR_PTR.

This causes a crash if we simulate disk allocation failure and run
less -f /dev/loop0 because the negative number is interpreted as a pointer:

BUG: unable to handle kernel NULL pointer dereference at 00000000000002b4
IP: [<ffffffff8118b188>] __blkdev_get+0x28/0x450
PGD 23c677067 PUD 23d6d1067 PMD 0
Oops: 0000 [#1] PREEMPT SMP
Modules linked in: loop hpfs nvidia(PO) ip6table_filter ip6_tables uvesafb cfbcopyarea cfbimgblt cfbfillrect fbcon font bitblit fbcon_rotate fbcon_cw fbcon_ud fbcon_ccw softcursor fb fbdev msr ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 xt_state ipt_REJECT xt_tcpudp iptable_filter ip_tables x_tables bridge stp llc tun ipv6 cpufreq_stats cpufreq_ondemand cpufreq_userspace cpufreq_powersave cpufreq_conservative hid_generic spadfs usbhid hid fuse raid0 snd_usb_audio snd_pcm_oss snd_mixer_oss md_mod snd_pcm snd_timer snd_page_alloc snd_hwdep snd_usbmidi_lib dmi_sysfs snd_rawmidi nf_nat_ftp nf_nat nf_conntrack_ftp nf_conntrack snd soundcore lm85 hwmon_vid ohci_hcd ehci_pci ehci_hcd serverworks sata_svw libata acpi_cpufreq freq_table mperf ide_core usbcore kvm_amd kvm tg3 i2c_piix4 libphy microcode e100 usb_common ptp skge i2c_core pcspkr k10temp evdev floppy hwmon pps_core mii rtc_cmos button processor unix [last unloaded: nvidia]
CPU: 1 PID: 6831 Comm: less Tainted: P        W  O 3.10.15-devel #18
Hardware name: empty empty/S3992-E, BIOS 'V1.06   ' 06/09/2009
task: ffff880203cc6bc0 ti: ffff88023e47c000 task.ti: ffff88023e47c000
RIP: 0010:[<ffffffff8118b188>]  [<ffffffff8118b188>] __blkdev_get+0x28/0x450
RSP: 0018:ffff88023e47dbd8  EFLAGS: 00010286
RAX: ffffffffffffff74 RBX: ffffffffffffff74 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
RBP: ffff88023e47dc18 R08: 0000000000000002 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88023f519658
R13: ffffffff8118c300 R14: 0000000000000000 R15: ffff88023f519640
FS:  00007f2070bf7700(0000) GS:ffff880247400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000002b4 CR3: 000000023da1d000 CR4: 00000000000007e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Stack:
 0000000000000002 0000001d00000000 000000003e47dc50 ffff88023f519640
 ffff88043d5bb668 ffffffff8118c300 ffff88023d683550 ffff88023e47de60
 ffff88023e47dc98 ffffffff8118c10d 0000001d81605698 0000000000000292
Call Trace:
 [<ffffffff8118c300>] ? blkdev_get_by_dev+0x60/0x60
 [<ffffffff8118c10d>] blkdev_get+0x1dd/0x370
 [<ffffffff8118c300>] ? blkdev_get_by_dev+0x60/0x60
 [<ffffffff813cea6c>] ? _raw_spin_unlock+0x2c/0x50
 [<ffffffff8118c300>] ? blkdev_get_by_dev+0x60/0x60
 [<ffffffff8118c365>] blkdev_open+0x65/0x80
 [<ffffffff8114d12e>] do_dentry_open.isra.18+0x23e/0x2f0
 [<ffffffff8114d214>] finish_open+0x34/0x50
 [<ffffffff8115e122>] do_last.isra.62+0x2d2/0xc50
 [<ffffffff8115eb58>] path_openat.isra.63+0xb8/0x4d0
 [<ffffffff81115a8e>] ? might_fault+0x4e/0xa0
 [<ffffffff8115f4f0>] do_filp_open+0x40/0x90
 [<ffffffff813cea6c>] ? _raw_spin_unlock+0x2c/0x50
 [<ffffffff8116db85>] ? __alloc_fd+0xa5/0x1f0
 [<ffffffff8114e45f>] do_sys_open+0xef/0x1d0
 [<ffffffff8114e559>] SyS_open+0x19/0x20
 [<ffffffff813cff16>] system_call_fastpath+0x1a/0x1f
Code: 44 00 00 55 48 89 e5 41 57 49 89 ff 41 56 41 89 d6 41 55 41 54 4c 8d 67 18 53 48 83 ec 18 89 75 cc e9 f2 00 00 00 0f 1f 44 00 00 <48> 8b 80 40 03 00 00 48 89 df 4c 8b 68 58 e8 d5 a4 07 00 44 89
RIP  [<ffffffff8118b188>] __blkdev_get+0x28/0x450
 RSP <ffff88023e47dbd8>
CR2: 00000000000002b4
---[ end trace bb7f32dbf02398dc ]---

The brd change should be backported to stable kernels starting with 2.6.25.
The loop change should be backported to stable kernels starting with 2.6.22.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-11-29 11:11:50 -08:00
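The failure mode the commit message describes, shown as an added userspace example (not code from the kernel or from this patch). ERR_PTR()/IS_ERR() are re-implemented here with the kernel's encoding (an errno stored in the top 4095 addresses) so the block runs outside the kernel; the probe callbacks, the kobject stand-in, the choice of -ENOMEM as the simulated allocation failure, and caller_outcome() are all constructed for illustration. The point it makes is the one the oops shows: an ERR_PTR value is non-NULL, so the `if (kobj) return kobj;` test in the lookup path hands an encoded errno to a caller that dereferences it, whereas a NULL return takes the "no device" path.

```c
#include <stddef.h>
#include <stdio.h>
#include <errno.h>

/* Userspace copy of the kernel's ERR_PTR()/IS_ERR()/PTR_ERR() encoding
 * (constructed for this example; not taken from include/linux/err.h). */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long error) { return (void *)error; }
static inline int IS_ERR(const void *ptr)
{
    return (unsigned long)ptr >= (unsigned long)-MAX_ERRNO;
}
static inline long PTR_ERR(const void *ptr) { return (long)ptr; }

/* Stand-in for the object the lookup hands back to the block layer. */
struct kobject { int refcount; };
static struct kobject disk_kobj = { 1 };

/* Hypothetical probe callbacks with the signature the commit quotes. */
typedef struct kobject *(*probe_fn)(int dev, int *index, void *data);

/* Pre-fix behaviour: on simulated allocation failure return an ERR_PTR. */
static struct kobject *probe_returning_errptr(int dev, int *index, void *data)
{
    int *fail = data;
    (void)dev; (void)index;
    if (*fail)
        return ERR_PTR(-ENOMEM);   /* assumed errno for the simulated failure */
    return &disk_kobj;
}

/* Post-fix behaviour: on failure return NULL, which is what the lookup expects. */
static struct kobject *probe_returning_null(int dev, int *index, void *data)
{
    int *fail = data;
    (void)dev; (void)index;
    if (*fail)
        return NULL;
    return &disk_kobj;
}

/* Mirrors the check quoted from kobj_lookup():
 *     kobj = probe(dev, index, data); ... if (kobj) return kobj;
 * Only a NULL return falls through to the "not found" path; an ERR_PTR
 * is a non-NULL value and is returned as if it were a valid object. */
static struct kobject *lookup(probe_fn probe, int dev, void *data)
{
    int index = 0;
    struct kobject *kobj = probe(dev, &index, data);
    if (kobj)
        return kobj;
    return NULL;
}

/* What the caller would do with the result (as __blkdev_get did in the oops):
 *  0 = clean "no device" path, 1 = usable object, -1 = would dereference an
 * errno encoded as a pointer (the kernel NULL-pointer-dereference report). */
static int caller_outcome(struct kobject *kobj)
{
    if (!kobj)
        return 0;
    if (IS_ERR(kobj))
        return -1;
    return kobj->refcount > 0 ? 1 : -1;
}

int main(void)
{
    int fail = 1;
    struct kobject *k = lookup(probe_returning_errptr, 0, &fail);
    printf("ERR_PTR probe: non-NULL=%d IS_ERR=%d errno=%ld outcome=%d\n",
           k != NULL, IS_ERR(k), PTR_ERR(k), caller_outcome(k));
    k = lookup(probe_returning_null, 0, &fail);
    printf("NULL probe:    non-NULL=%d outcome=%d\n", k != NULL, caller_outcome(k));
    return 0;
}
```

A quick way to audit a tree for the same class of bug is to check every callback registered with blk_register_region() for `return ERR_PTR(` and confirm the callers test the result with IS_ERR() rather than a plain NULL check; the two conventions cannot be mixed across a function-pointer boundary.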
accessibility
acpi ACPI / hotplug: Do not execute "insert in progress" _OST 2013-11-29 11:11:43 -08:00
amba
ata libata: make ata_eh_qc_retry() bump scmd->allowed on bogus failures 2013-11-13 12:05:31 +09:00
atm
auxdisplay
base driver core : Fix use after free of dev->parent in device_shutdown 2013-10-05 07:13:11 -07:00
bcma
block block: fix a probe argument to blk_register_region 2013-11-29 11:11:50 -08:00
bluetooth Bluetooth: Add support for BCM20702A0 [0b05, 17cb] 2013-10-13 16:08:32 -07:00
bus
cdrom drivers/cdrom/cdrom.c: use kzalloc() for failing hardware 2013-07-13 11:42:26 -07:00
char random: run random_int_secret_init() run after all late_initcalls 2013-10-18 07:45:44 -07:00
clk clk: fixup argument order when setting VCO parameters 2013-11-13 12:05:33 +09:00
clocksource clocksource: dw_apb: Fix error check 2013-07-25 14:07:29 -07:00
connector connector: use nlmsg_len() to check message length 2013-11-04 04:31:02 -08:00
cpufreq cpufreq / intel_pstate: Fix max_perf_pct on resume 2013-11-13 12:05:30 +09:00
cpuidle cpuidle: coupled: fix race condition between pokes and safe state 2013-09-26 17:18:02 -07:00
crypto crypto: caam - Fixed the memory out of bound overwrite issue 2013-08-04 16:50:57 +08:00
dca
devfreq
dio
dma dmaengine: imx-dma: fix slow path issue in prep_dma_cyclic 2013-10-13 16:08:34 -07:00
edac amd64_edac: Fix single-channel setups 2013-09-26 17:18:28 -07:00
eisa
extcon
firewire firewire: fix libdc1394/FlyCap2 iso event regression 2013-08-04 16:50:38 +08:00
firmware
gpio gpio/lynxpoint: check if the interrupt is enabled in IRQ handler 2013-11-04 04:31:06 -08:00
gpu drm/nva3-/disp: fix hda eld writing, needs to be padded 2013-11-29 11:11:41 -08:00
hid HID: uhid: allocate static minor 2013-10-13 16:08:35 -07:00
hsi
hv Drivers: hv: balloon: Do not post pressure status if interrupted 2013-08-04 16:50:58 +08:00
hwmon hwmon: (lm90) Fix max6696 alarm handling 2013-11-29 11:11:50 -08:00
hwspinlock
i2c i2c: ismt: initialize DMA buffer 2013-11-04 04:31:06 -08:00
ide
idle sched, idle: Fix the idle polling state logic 2013-11-29 11:11:42 -08:00
iio iio: inkern: fix iio_convert_raw_to_processed_unlocked 2013-07-25 14:07:23 -07:00
infiniband ib_srpt: always set response for task management 2013-10-13 16:08:33 -07:00
input HID: Correct the USB IDs for the new Macbook Air 6 2013-09-26 17:18:15 -07:00
iommu intel-iommu: Fix leaks in pagetable freeing 2013-09-26 17:18:27 -07:00
ipack
irqchip ARM: SoC fixes for 3.10-rc 2013-06-22 09:44:45 -10:00
isdn
leds leds: wm831x-status: Request a REG resource 2013-09-26 17:18:27 -07:00
lguest
macintosh powerpc/windfarm: Fix noisy slots-fan on Xserve (rm31) 2013-08-11 18:35:20 -07:00
mailbox
md md: Fix skipping recovery for read-only arrays. 2013-11-13 12:05:32 +09:00
media media: sh_vou: almost forever loop in sh_vou_try_fmt_vid_out() 2013-11-20 12:27:48 -08:00
memory
memstick
message
mfd mfd: tps6586x: correct device name of the regulator cell 2013-06-24 12:37:47 +01:00
misc misc: atmel_pwm: add deferred-probing support 2013-11-20 12:27:47 -08:00
mmc mmc: tmio_mmc_dma: fix PIO fallback on SDHI 2013-09-26 17:18:29 -07:00
mtd mtd: nand: fix NAND_BUSWIDTH_AUTO for x16 devices 2013-09-26 17:18:29 -07:00
net rt2x00: fix HT TX descriptor settings regression 2013-11-29 11:11:44 -08:00
nfc
ntb NTB: Correct debugfs to work with more than 1 NTB Device 2013-11-13 12:05:35 +09:00
nubus
of of: Fix missing memory initialization on FDT unflattening 2013-09-26 17:18:29 -07:00
oprofile
parisc parisc: Fix interrupt routing for C8000 serial ports 2013-08-11 18:35:21 -07:00
parport parisc: parport0: fix this legacy no-device port driver! 2013-06-01 14:46:42 +02:00
pci PCI: Support PCIe Capability Slot registers only for ports with slots 2013-11-29 11:11:42 -08:00
pcmcia pcmcia: at91_cf: fix gpio_get_value in at91_cf_get_status 2013-07-21 18:21:25 -07:00
pinctrl pinctrl: at91: fix get_pullup/down function return 2013-09-26 17:18:14 -07:00
platform drivers/platform/olpc/olpc-ec.c: initialise earlier 2013-08-29 09:47:38 -07:00
pnp
power charger-manager: Ensure event is not used as format string 2013-07-13 11:42:26 -07:00
pps
ps3
ptp ptp_pch: fix error handling in pch_probe() 2013-05-25 21:24:15 -07:00
pwm
rapidio RAPIDIO: IDT_GEN2: Fix build error. 2013-07-28 16:30:07 -07:00
regulator mfd: tps6586x: correct device name of the regulator cell 2013-06-24 12:37:47 +01:00
remoteproc
reset
rpmsg
rtc drivers/rtc/rtc-max77686.c: Fix wrong register 2013-09-14 06:54:57 -07:00
s390 SCSI: zfcp: fix schedule-inside-lock in scsi_device list loops 2013-08-29 09:47:39 -07:00
sbus
scsi aacraid: prevent invalid pointer dereference 2013-11-29 11:11:40 -08:00
sfi
sh
sn
spi spi: spi-davinci: Fix direction in dma_map_single() 2013-08-11 18:35:25 -07:00
ssb
ssbi
staging staging: wlags49_h2: buffer overflow setting station name 2013-11-13 12:05:33 +09:00
target target/pscsi: fix return value check 2013-11-13 12:05:32 +09:00
tc
thermal
tty serial: vt8500: add missing braces 2013-11-04 04:31:06 -08:00
uio Fix a few incorrectly checked [io_]remap_pfn_range() calls 2013-11-13 12:05:33 +09:00
usb USB: mos7840: fix tiocmget error handling 2013-11-29 11:11:40 -08:00
uwb
vfio vfio: fix crash on rmmod 2013-06-05 08:54:16 -06:00
vhost vhost/scsi: Fix incorrect usage of get_user_pages_fast write parameter 2013-11-13 12:05:32 +09:00
video backlight: atmel-pwm-bl: fix deferred probe from __init 2013-11-20 12:27:47 -08:00
virt
virtio virtio: support unlocked queue poll 2013-07-28 16:29:55 -07:00
vlynq
vme
w1
watchdog watchdog: ts72xx_wdt: locking bug in ioctl 2013-10-18 07:45:45 -07:00
xen xen-gnt: prevent adding duplicate gnt callbacks 2013-09-26 17:18:02 -07:00
zorro
Kconfig
Makefile