From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Michal Simek <michal.simek@xilinx.com>,
Guenter Roeck <linux@roeck-us.net>, Jens Axboe <axboe@kernel.dk>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.19 65/99] xsysace: Fix error handling in ace_setup
Date: Mon, 6 May 2019 16:32:38 +0200 [thread overview]
Message-ID: <20190506143100.027909452@linuxfoundation.org> (raw)
In-Reply-To: <20190506143053.899356316@linuxfoundation.org>
[ Upstream commit 47b16820c490149c2923e8474048f2c6e7557cab ]
If xace hardware reports a bad version number, the error handling code
in ace_setup() calls put_disk(), followed by queue cleanup. However, since
the disk data structure has the queue pointer set, put_disk() also
cleans and releases the queue. This results in blk_cleanup_queue()
accessing an already released data structure, which in turn may result
in a crash such as the following.
[ 10.681671] BUG: Kernel NULL pointer dereference at 0x00000040
[ 10.681826] Faulting instruction address: 0xc0431480
[ 10.682072] Oops: Kernel access of bad area, sig: 11 [#1]
[ 10.682251] BE PAGE_SIZE=4K PREEMPT Xilinx Virtex440
[ 10.682387] Modules linked in:
[ 10.682528] CPU: 0 PID: 1 Comm: swapper Tainted: G W 5.0.0-rc6-next-20190218+ #2
[ 10.682733] NIP: c0431480 LR: c043147c CTR: c0422ad8
[ 10.682863] REGS: cf82fbe0 TRAP: 0300 Tainted: G W (5.0.0-rc6-next-20190218+)
[ 10.683065] MSR: 00029000 <CE,EE,ME> CR: 22000222 XER: 00000000
[ 10.683236] DEAR: 00000040 ESR: 00000000
[ 10.683236] GPR00: c043147c cf82fc90 cf82ccc0 00000000 00000000 00000000 00000002 00000000
[ 10.683236] GPR08: 00000000 00000000 c04310bc 00000000 22000222 00000000 c0002c54 00000000
[ 10.683236] GPR16: 00000000 00000001 c09aa39c c09021b0 c09021dc 00000007 c0a68c08 00000000
[ 10.683236] GPR24: 00000001 ced6d400 ced6dcf0 c0815d9c 00000000 00000000 00000000 cedf0800
[ 10.684331] NIP [c0431480] blk_mq_run_hw_queue+0x28/0x114
[ 10.684473] LR [c043147c] blk_mq_run_hw_queue+0x24/0x114
[ 10.684602] Call Trace:
[ 10.684671] [cf82fc90] [c043147c] blk_mq_run_hw_queue+0x24/0x114 (unreliable)
[ 10.684854] [cf82fcc0] [c04315bc] blk_mq_run_hw_queues+0x50/0x7c
[ 10.685002] [cf82fce0] [c0422b24] blk_set_queue_dying+0x30/0x68
[ 10.685154] [cf82fcf0] [c0423ec0] blk_cleanup_queue+0x34/0x14c
[ 10.685306] [cf82fd10] [c054d73c] ace_probe+0x3dc/0x508
[ 10.685445] [cf82fd50] [c052d740] platform_drv_probe+0x4c/0xb8
[ 10.685592] [cf82fd70] [c052abb0] really_probe+0x20c/0x32c
[ 10.685728] [cf82fda0] [c052ae58] driver_probe_device+0x68/0x464
[ 10.685877] [cf82fdc0] [c052b500] device_driver_attach+0xb4/0xe4
[ 10.686024] [cf82fde0] [c052b5dc] __driver_attach+0xac/0xfc
[ 10.686161] [cf82fe00] [c0528428] bus_for_each_dev+0x80/0xc0
[ 10.686314] [cf82fe30] [c0529b3c] bus_add_driver+0x144/0x234
[ 10.686457] [cf82fe50] [c052c46c] driver_register+0x88/0x15c
[ 10.686610] [cf82fe60] [c09de288] ace_init+0x4c/0xac
[ 10.686742] [cf82fe80] [c0002730] do_one_initcall+0xac/0x330
[ 10.686888] [cf82fee0] [c09aafd0] kernel_init_freeable+0x34c/0x478
[ 10.687043] [cf82ff30] [c0002c6c] kernel_init+0x18/0x114
[ 10.687188] [cf82ff40] [c000f2f0] ret_from_kernel_thread+0x14/0x1c
[ 10.687349] Instruction dump:
[ 10.687435] 3863ffd4 4bfffd70 9421ffd0 7c0802a6 93c10028 7c9e2378 93e1002c 38810008
[ 10.687637] 7c7f1b78 90010034 4bfffc25 813f008c <81290040> 75290100 4182002c 80810008
[ 10.688056] ---[ end trace 13c9ff51d41b9d40 ]---
Fix the problem by setting the disk queue pointer to NULL before calling
put_disk(). A more comprehensive fix might be to rearrange the code
to check the hardware version before initializing data structures,
but I don't know if this would have undesirable side effects, and
it would increase the complexity of backporting the fix to older kernels.
Fixes: 74489a91dd43a ("Add support for Xilinx SystemACE CompactFlash interface")
Acked-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/xsysace.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/block/xsysace.c b/drivers/block/xsysace.c
index c24589414c75..0f36db0cf74a 100644
--- a/drivers/block/xsysace.c
+++ b/drivers/block/xsysace.c
@@ -1063,6 +1063,8 @@ static int ace_setup(struct ace_device *ace)
return 0;
err_read:
+ /* prevent double queue cleanup */
+ ace->gd->queue = NULL;
put_disk(ace->gd);
err_alloc_disk:
blk_cleanup_queue(ace->queue);
--
2.20.1
next prev parent reply other threads:[~2019-05-06 14:59 UTC|newest]
Thread overview: 113+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-06 14:31 [PATCH 4.19 00/99] 4.19.41-stable review Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 01/99] iwlwifi: fix driver operation for 5350 Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 02/99] mwifiex: Make resume actually do something useful again on SDIO cards Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 03/99] mac80211: dont attempt to rename ERR_PTR() debugfs dirs Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 04/99] i2c: synquacer: fix enumeration of slave devices Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 05/99] i2c: imx: correct the method of getting private data in notifier_call Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 06/99] i2c: Remove unnecessary call to irq_find_mapping Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 07/99] i2c: Clear client->irq in i2c_device_remove Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 08/99] i2c: Allow recovery of the initial IRQ by an I2C client device Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 09/99] i2c: Prevent runtime suspend of adapter when Host Notify is required Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 10/99] ALSA: hda/realtek - Add new Dell platform for headset mode Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 11/99] ALSA: hda/realtek - Fixed Dell AIO speaker noise Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 12/99] ALSA: hda/realtek - Apply the fixup for ASUS Q325UAR Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 13/99] USB: yurex: Fix protection fault after device removal Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 14/99] USB: w1 ds2490: Fix bug caused by improper use of altsetting array Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 15/99] USB: dummy-hcd: Fix failure to give back unlinked URBs Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 16/99] usb: usbip: fix isoc packet num validation in get_pipe Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 17/99] USB: core: Fix unterminated string returned by usb_string() Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 18/99] USB: core: Fix bug caused by duplicate interface PM usage counter Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 19/99] nvme-loop: init nvmet_ctrl fatal_err_work when allocate Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 20/99] efi: Fix debugobjects warning on efi_rts_work Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 21/99] arm64: dts: rockchip: fix rk3328-roc-cc gmac2io tx/rx_delay Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 22/99] HID: logitech: check the return value of create_singlethread_workqueue Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 23/99] HID: debug: fix race condition with between rdesc_show() and device removal Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 24/99] rtc: cros-ec: Fail suspend/resume if wake IRQ cant be configured Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 25/99] rtc: sh: Fix invalid alarm warning for non-enabled alarm Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 26/99] batman-adv: Reduce claim hash refcnt only for removed entry Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 27/99] batman-adv: Reduce tt_local " Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 28/99] batman-adv: Reduce tt_global " Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 29/99] batman-adv: fix warning in function batadv_v_elp_get_throughput Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 30/99] ARM: dts: rockchip: Fix gpu opp node names for rk3288 Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 31/99] reset: meson-audio-arb: Fix missing .owner setting of reset_controller_dev Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 32/99] igb: Fix WARN_ONCE on runtime suspend Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 33/99] riscv: fix accessing 8-byte variable from RV32 Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 34/99] HID: quirks: Fix keyboard + touchpad on Lenovo Miix 630 Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 35/99] net: hns3: fix compile error Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 36/99] net/mlx5: E-Switch, Fix esw manager vport indication for more vport commands Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 37/99] bonding: show full hw address in sysfs for slave entries Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 38/99] net: stmmac: use correct DMA buffer size in the RX descriptor Greg Kroah-Hartman
2019-05-08 0:10 ` Nobuhiro Iwamatsu
2019-05-08 6:35 ` Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 39/99] net: stmmac: ratelimit RX error logs Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 40/99] net: stmmac: dont stop NAPI processing when dropping a packet Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 41/99] net: stmmac: dont overwrite discard_frame status Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 42/99] net: stmmac: fix dropping of multi-descriptor RX frames Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 43/99] net: stmmac: dont log oversized frames Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 44/99] jffs2: fix use-after-free on symlink traversal Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 45/99] debugfs: " Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 46/99] mfd: twl-core: Disable IRQ while suspended Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 47/99] block: use blk_free_flush_queue() to free hctx->fq in blk_mq_init_hctx Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 48/99] rtc: da9063: set uie_unsupported when relevant Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 49/99] HID: input: add mapping for Assistant key Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 50/99] vfio/pci: use correct format characters Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 51/99] scsi: core: add new RDAC LENOVO/DE_Series device Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 52/99] scsi: storvsc: Fix calculation of sub-channel count Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 53/99] arm/mach-at91/pm : fix possible object reference leak Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 54/99] arm64: fix wrong check of on_sdei_stack in nmi context Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 55/99] net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw() Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 56/99] net: hns: Use NAPI_POLL_WEIGHT for hns driver Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 57/99] net: hns: Fix probabilistic memory overwrite when HNS driver initialized Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 58/99] net: hns: fix ICMP6 neighbor solicitation messages discard problem Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 59/99] net: hns: Fix WARNING when remove HNS driver with SMMU enabled Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 60/99] libcxgb: fix incorrect ppmax calculation Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 61/99] KVM: SVM: prevent DBG_DECRYPT and DBG_ENCRYPT overflow Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 62/99] kmemleak: powerpc: skip scanning holes in the .bss section Greg Kroah-Hartman
2019-05-07 7:58 ` Nobuhiro Iwamatsu
2019-05-07 12:51 ` Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 63/99] hugetlbfs: fix memory leak for resv_map Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 64/99] sh: fix multiple function definition build errors Greg Kroah-Hartman
2019-05-06 14:32 ` Greg Kroah-Hartman [this message]
2019-05-06 14:32 ` [PATCH 4.19 66/99] fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 67/99] ARM: orion: dont use using 64-bit DMA masks Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 68/99] ARM: iop: " Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 69/99] block: pass no-op callback to INIT_WORK() Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 70/99] perf/x86/amd: Update generic hardware cache events for Family 17h Greg Kroah-Hartman
2019-05-06 14:32 ` Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 71/99] Bluetooth: btusb: request wake pin with NOAUTOEN Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 72/99] Bluetooth: mediatek: fix up an error path to restore bdev->tx_state Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 73/99] clk: qcom: Add missing freq for usb30_master_clk on 8998 Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 74/99] staging: iio: adt7316: allow adt751x to use internal vref for all dacs Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 75/99] staging: iio: adt7316: fix the dac read calculation Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 76/99] staging: iio: adt7316: fix the dac write calculation Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 77/99] scsi: RDMA/srpt: Fix a credit leak for aborted commands Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 78/99] ASoC: Intel: bytcr_rt5651: Revert "Fix DMIC map headsetmic mapping" Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 79/99] ASoC: wm_adsp: Correct handling of compressed streams that restart Greg Kroah-Hartman
2019-05-07 8:44 ` Nobuhiro Iwamatsu
2019-05-07 12:49 ` Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 80/99] ASoC: stm32: fix sai driver name initialisation Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 81/99] platform/x86: intel_pmc_core: Fix PCH IP name Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 82/99] platform/x86: intel_pmc_core: Handle CFL regmap properly Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 83/99] IB/core: Unregister notifier before freeing MAD security Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 84/99] IB/core: Fix potential memory leak while creating MAD agents Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 85/99] IB/core: Destroy QP if XRC QP fails Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 86/99] Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 87/99] Input: stmfts - acknowledge that setting brightness is a blocking call Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 88/99] gpio: mxc: add check to return defer probe if clock tree NOT ready Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 89/99] selinux: avoid silent denials in permissive mode under RCU walk Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 90/99] selinux: never allow relabeling on context mounts Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 91/99] mac80211: Honor SW_CRYPTO_CONTROL for unicast keys in AP VLAN mode Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 92/99] powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 93/99] x86/mce: Improve error message when kernel cannot recover, p2 Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 94/99] clk: x86: Add system specific quirk to mark clocks as critical Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 95/99] x86/mm/KASLR: Fix the size of the direct mapping section Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 96/99] x86/mm: Fix a crash with kmemleak_scan() Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 97/99] x86/mm/tlb: Revert "x86/mm: Align TLB invalidation info" Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 98/99] i2c: i2c-stm32f7: Fix SDADEL minimum formula Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 99/99] media: v4l2: i2c: ov7670: Fix PLL bypass register values Greg Kroah-Hartman
2019-05-07 9:49 ` [PATCH 4.19 00/99] 4.19.41-stable review Naresh Kamboju
2019-05-07 12:44 ` Jon Hunter
2019-05-07 12:44 ` Jon Hunter
2019-05-07 18:39 ` Guenter Roeck
2019-05-07 19:27 ` kernelci.org bot
2019-05-07 20:22 ` shuah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190506143100.027909452@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=axboe@kernel.dk \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=michal.simek@xilinx.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.