From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Mikulas Patocka <mpatocka@redhat.com>,
Damien Le Moal <damien.lemoal@wdc.com>,
Mike Snitzer <snitzer@redhat.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.19 51/63] dm zoned: fix invalid memory access
Date: Sun, 29 Sep 2019 15:54:24 +0200 [thread overview]
Message-ID: <20190929135040.223777269@linuxfoundation.org> (raw)
In-Reply-To: <20190929135031.382429403@linuxfoundation.org>
From: Mikulas Patocka <mpatocka@redhat.com>
[ Upstream commit 0c8e9c2d668278652af028c3cc068c65f66342f4 ]
Commit 75d66ffb48efb30f2dd42f041ba8b39c5b2bd115 ("dm zoned: properly
handle backing device failure") triggers a coverity warning:
*** CID 1452808: Memory - illegal accesses (USE_AFTER_FREE)
/drivers/md/dm-zoned-target.c: 137 in dmz_submit_bio()
131 clone->bi_private = bioctx;
132
133 bio_advance(bio, clone->bi_iter.bi_size);
134
135 refcount_inc(&bioctx->ref);
136 generic_make_request(clone);
>>> CID 1452808: Memory - illegal accesses (USE_AFTER_FREE)
>>> Dereferencing freed pointer "clone".
137 if (clone->bi_status == BLK_STS_IOERR)
138 return -EIO;
139
140 if (bio_op(bio) == REQ_OP_WRITE && dmz_is_seq(zone))
141 zone->wp_block += nr_blocks;
142
The "clone" bio may be processed and freed before the check
"clone->bi_status == BLK_STS_IOERR" - so this check can access invalid
memory.
Fixes: 75d66ffb48efb3 ("dm zoned: properly handle backing device failure")
Cc: stable@vger.kernel.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Reviewed-by: Damien Le Moal <damien.lemoal@wdc.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/dm-zoned-target.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/md/dm-zoned-target.c b/drivers/md/dm-zoned-target.c
index 1030c42add05f..3dd668f694051 100644
--- a/drivers/md/dm-zoned-target.c
+++ b/drivers/md/dm-zoned-target.c
@@ -133,8 +133,6 @@ static int dmz_submit_bio(struct dmz_target *dmz, struct dm_zone *zone,
atomic_inc(&bioctx->ref);
generic_make_request(clone);
- if (clone->bi_status == BLK_STS_IOERR)
- return -EIO;
if (bio_op(bio) == REQ_OP_WRITE && dmz_is_seq(zone))
zone->wp_block += nr_blocks;
--
2.20.1
next prev parent reply other threads:[~2019-09-29 14:00 UTC|newest]
Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-29 13:53 [PATCH 4.19 00/63] 4.19.76-stable review Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 01/63] Revert "Bluetooth: validate BLE connection interval updates" Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 02/63] net/ibmvnic: free reset work of removed device from queue Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 03/63] RDMA/restrack: Protect from reentry to resource return path Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 04/63] powerpc/xive: Fix bogus error code returned by OPAL Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 05/63] drm/amd/display: readd -msse2 to prevent Clang from emitting libcalls to undefined SW FP routines Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 06/63] IB/core: Add an unbound WQ type to the new CQ API Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 07/63] HID: prodikeys: Fix general protection fault during probe Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 08/63] HID: sony: Fix memory corruption issue on cleanup Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 09/63] HID: logitech: Fix general protection fault caused by Logitech driver Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 10/63] HID: hidraw: Fix invalid read in hidraw_ioctl Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 11/63] HID: Add quirk for HP X500 PIXART OEM mouse Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 12/63] mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword() Greg Kroah-Hartman
2019-09-29 13:53 ` Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 13/63] crypto: talitos - fix missing break in switch statement Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 14/63] CIFS: fix deadlock in cached root handling Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 15/63] net/mlx5e: Set ECN for received packets using CQE indication Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 16/63] net/mlx5e: dont set CHECKSUM_COMPLETE on SCTP packets Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 17/63] mlx5: fix get_ip_proto() Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 18/63] net/mlx5e: Allow reporting of checksum unnecessary Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 19/63] net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 20/63] net/mlx5e: Rx, Fixup skb checksum for packets with tail padding Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 21/63] net/mlx5e: Rx, Check ip headers sanity Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 22/63] iwlwifi: mvm: send BCAST management frames to the right station Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 23/63] iwlwifi: mvm: always init rs_fw with 20MHz bandwidth rates Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 24/63] media: tvp5150: fix switch exit in set control handler Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 25/63] ASoC: Intel: cht_bsw_max98090_ti: Enable codec clock once and keep it enabled Greg Kroah-Hartman
2019-09-29 13:53 ` [PATCH 4.19 26/63] ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt() Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 27/63] ALSA: usb-audio: Add Hiby device family to quirks for native DSD support Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 28/63] ALSA: usb-audio: Add DSD support for EVGA NU Audio Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 29/63] ALSA: dice: fix wrong packet parameter for Alesis iO26 Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 30/63] ALSA: hda - Add laptop imic fixup for ASUS M9V laptop Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 31/63] ALSA: hda - Apply AMD controller workaround for Raven platform Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 32/63] objtool: Clobber user CFLAGS variable Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 33/63] tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations Greg Kroah-Hartman
2019-09-30 6:13 ` Pavel Machek
2019-09-30 12:57 ` Sasha Levin
2019-10-01 20:56 ` Jarkko Sakkinen
2019-09-29 13:54 ` [PATCH 4.19 34/63] pinctrl: sprd: Use define directive for sprd_pinconf_params values Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 35/63] power: supply: sysfs: ratelimit property read error message Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 36/63] locking/lockdep: Add debug_locks check in __lock_downgrade() Greg Kroah-Hartman
2019-09-29 14:43 ` Tetsuo Handa
2019-09-29 14:49 ` Greg Kroah-Hartman
2019-09-30 0:28 ` Sasha Levin
2019-09-30 1:46 ` Tetsuo Handa
2019-09-30 11:35 ` Sasha Levin
2019-09-30 14:00 ` Waiman Long
2019-10-01 22:20 ` Sasha Levin
2019-10-02 13:16 ` Waiman Long
2019-09-29 13:54 ` [PATCH 4.19 37/63] locking/lockdep: Add debug_locks check in __lock_downgrade() - again Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 38/63] scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 39/63] scsi: qla2xxx: Remove all rports if fabric scan retry fails Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 40/63] scsi: qla2xxx: Return switch command on a timeout Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 41/63] Revert "drm/amd/powerplay: Enable/Disable NBPSTATE on On/OFF of UVD" Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 42/63] bpf: libbpf: retry loading program on EAGAIN Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 43/63] irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 44/63] f2fs: check all the data segments against all node ones Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 45/63] PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 46/63] bcache: remove redundant LIST_HEAD(journal) from run_cache_set() Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 47/63] initramfs: dont free a non-existent initrd Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 48/63] blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 49/63] blk-mq: move cancel of requeue_work to the front of blk_exit_queue Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 50/63] Revert "f2fs: avoid out-of-range memory access" Greg Kroah-Hartman
2019-09-29 13:54 ` Greg Kroah-Hartman [this message]
2019-09-29 13:54 ` [PATCH 4.19 52/63] net/ibmvnic: Fix missing { in __ibmvnic_reset Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 53/63] f2fs: fix to do sanity check on segment bitmap of LFS curseg Greg Kroah-Hartman
2019-09-30 7:21 ` Pavel Machek
2019-09-30 7:36 ` Chao Yu
2019-09-30 13:22 ` Sasha Levin
2019-09-29 13:54 ` [PATCH 4.19 54/63] drm: Flush output polling on shutdown Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 55/63] net: dont warn in inet diag when IPV6 is disabled Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 56/63] Bluetooth: btrtl: HCI reset on close for Realtek BT chip Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 57/63] ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35 Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 58/63] drm/nouveau/disp/nv50-: fix center/aspect-corrected scaling Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 59/63] xfs: dont crash on null attr fork xfs_bmapi_read Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 60/63] netfilter: nft_socket: fix erroneous socket assignment Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 61/63] Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 62/63] net_sched: check cops->tcf_block in tc_bind_tclass() Greg Kroah-Hartman
2019-09-29 13:54 ` [PATCH 4.19 63/63] net/rds: An rds_sock is added too early to the hash table Greg Kroah-Hartman
2019-09-29 19:00 ` [PATCH 4.19 00/63] 4.19.76-stable review kernelci.org bot
2019-09-30 18:30 ` Guenter Roeck
2019-09-30 22:44 ` shuah
2019-10-01 1:05 ` Dan Rue
2019-10-01 14:58 ` Jon Hunter
2019-10-01 14:58 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190929135040.223777269@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=damien.lemoal@wdc.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mpatocka@redhat.com \
--cc=sashal@kernel.org \
--cc=snitzer@redhat.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.