From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Mikulas Patocka <mpatocka@redhat.com>,
Tejun Heo <tj@kernel.org>, Jens Axboe <axboe@kernel.dk>
Subject: [PATCH 3.4 21/60] loop: fix crash if blk_alloc_queue fails
Date: Mon, 2 Dec 2013 11:06:02 -0800 [thread overview]
Message-ID: <20131202190334.913533429@linuxfoundation.org> (raw)
In-Reply-To: <20131202190330.152596462@linuxfoundation.org>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mikulas Patocka <mpatocka@redhat.com>
commit 3ec981e30fae1f3c8728a05c730acaa1f627bcfb upstream.
loop: fix crash if blk_alloc_queue fails
If blk_alloc_queue fails, loop_add cleans up, but it doesn't clean up the
identifier allocated with idr_alloc. That causes crash on module unload in
idr_for_each(&loop_index_idr, &loop_exit_cb, NULL); where we attempt to
remove non-existed device with that id.
BUG: unable to handle kernel NULL pointer dereference at 0000000000000380
IP: [<ffffffff812057c9>] del_gendisk+0x19/0x2d0
PGD 43d399067 PUD 43d0ad067 PMD 0
Oops: 0000 [#1] PREEMPT SMP
Modules linked in: loop(-) dm_snapshot dm_zero dm_mirror dm_region_hash dm_log dm_loop dm_mod ip6table_filter ip6_tables uvesafb cfbcopyarea cfbimgblt cfbfillrect fbcon font bitblit fbcon_rotate fbcon_cw fbcon_ud fbcon_ccw softcursor fb fbdev msr ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 xt_state ipt_REJECT xt_tcpudp iptable_filter ip_tables x_tables bridge stp llc tun ipv6 cpufreq_userspace cpufreq_stats cpufreq_ondemand cpufreq_conservative cpufreq_powersave spadfs fuse hid_generic usbhid hid raid0 md_mod dmi_sysfs nf_nat_ftp nf_nat nf_conntrack_ftp nf_conntrack snd_usb_audio snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_page_alloc lm85 hwmon_vid snd_hwdep snd_usbmidi_lib snd_rawmidi snd soundcore acpi_cpufreq ohci_hcd freq_table tg3 ehci_pci mperf ehci_hcd kvm_amd kvm sata_svw serverworks libphy libata ide_core k10temp usbcore hwmon microcode ptp pcspkr pps_core e100 skge mii usb_common i2c_piix4 floppy evdev rtc_cmos i2c_core processor but!
ton unix
CPU: 7 PID: 2735 Comm: rmmod Tainted: G W 3.10.15-devel #15
Hardware name: empty empty/S3992-E, BIOS 'V1.06 ' 06/09/2009
task: ffff88043d38e780 ti: ffff88043d21e000 task.ti: ffff88043d21e000
RIP: 0010:[<ffffffff812057c9>] [<ffffffff812057c9>] del_gendisk+0x19/0x2d0
RSP: 0018:ffff88043d21fe10 EFLAGS: 00010282
RAX: ffffffffa05102e0 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff88043ea82800 RDI: 0000000000000000
RBP: ffff88043d21fe48 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000000 R12: 00000000000000ff
R13: 0000000000000080 R14: 0000000000000000 R15: ffff88043ea82800
FS: 00007ff646534700(0000) GS:ffff880447000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000380 CR3: 000000043e9bf000 CR4: 00000000000007e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Stack:
ffffffff8100aba4 0000000000000092 ffff88043d21fe48 ffff88043ea82800
00000000000000ff ffff88043d21fe98 0000000000000000 ffff88043d21fe60
ffffffffa05102b4 0000000000000000 ffff88043d21fe70 ffffffffa05102ec
Call Trace:
[<ffffffff8100aba4>] ? native_sched_clock+0x24/0x80
[<ffffffffa05102b4>] loop_remove+0x14/0x40 [loop]
[<ffffffffa05102ec>] loop_exit_cb+0xc/0x10 [loop]
[<ffffffff81217b74>] idr_for_each+0x104/0x190
[<ffffffffa05102e0>] ? loop_remove+0x40/0x40 [loop]
[<ffffffff8109adc5>] ? trace_hardirqs_on_caller+0x105/0x1d0
[<ffffffffa05135dc>] loop_exit+0x34/0xa58 [loop]
[<ffffffff810a98ea>] SyS_delete_module+0x13a/0x260
[<ffffffff81221d5e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
[<ffffffff813cff16>] system_call_fastpath+0x1a/0x1f
Code: f0 4c 8b 6d f8 c9 c3 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 56 41 55 4c 8d af 80 00 00 00 41 54 53 48 89 fb 48 83 ec 18 <48> 83 bf 80 03 00
00 00 74 4d e8 98 fe ff ff 31 f6 48 c7 c7 20
RIP [<ffffffff812057c9>] del_gendisk+0x19/0x2d0
RSP <ffff88043d21fe10>
CR2: 0000000000000380
---[ end trace 64ec069ec70f1309 ]---
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/block/loop.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -1636,7 +1636,7 @@ static int loop_add(struct loop_device *
lo->lo_queue = blk_alloc_queue(GFP_KERNEL);
if (!lo->lo_queue)
- goto out_free_dev;
+ goto out_free_idr;
disk = lo->lo_disk = alloc_disk(1 << part_shift);
if (!disk)
@@ -1680,6 +1680,8 @@ static int loop_add(struct loop_device *
out_free_queue:
blk_cleanup_queue(lo->lo_queue);
+out_free_idr:
+ idr_remove(&loop_index_idr, i);
out_free_dev:
kfree(lo);
out:
next prev parent reply other threads:[~2013-12-02 19:07 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-02 19:05 [PATCH 3.4 00/60] 3.4.72-stable review Greg Kroah-Hartman
2013-12-02 19:05 ` [PATCH 3.4 01/60] ARM: sa11x0/assabet: ensure CS2 is configured appropriately Greg Kroah-Hartman
2013-12-02 19:05 ` [PATCH 3.4 02/60] ARM: integrator_cp: Set LCD{0,1} enable lines when turning on CLCD Greg Kroah-Hartman
2013-12-02 19:05 ` [PATCH 3.4 03/60] Staging: tidspbridge: disable driver Greg Kroah-Hartman
2013-12-02 19:05 ` [PATCH 3.4 04/60] backlight: atmel-pwm-bl: fix reported brightness Greg Kroah-Hartman
2013-12-02 19:05 ` [PATCH 3.4 05/60] ASoC: ak4642: prevent un-necessary changes to SG_SL1 Greg Kroah-Hartman
2013-12-02 19:05 ` [PATCH 3.4 06/60] ASoC: wm8962: Turn on regcache_cache_only before disabling regulator Greg Kroah-Hartman
2013-12-02 19:05 ` [PATCH 3.4 07/60] ASoC: blackfin: Fix missing break Greg Kroah-Hartman
2013-12-02 19:05 ` [PATCH 3.4 08/60] alarmtimer: return EINVAL instead of ENOTSUPP if rtcdev doesnt exist Greg Kroah-Hartman
2013-12-02 19:05 ` [PATCH 3.4 09/60] devpts: plug the memory leak in kill_sb Greg Kroah-Hartman
2013-12-02 19:05 ` [PATCH 3.4 10/60] can: flexcan: fix flexcan_chip_start() on imx6 Greg Kroah-Hartman
2013-12-02 19:05 ` [PATCH 3.4 11/60] libata: Fix display of sata speed Greg Kroah-Hartman
2013-12-02 19:05 ` [PATCH 3.4 12/60] drivers/libata: Set max sector to 65535 for Slimtype DVD A DS8A9SH drive Greg Kroah-Hartman
2013-12-02 19:05 ` [PATCH 3.4 13/60] vsprintf: check real user/group id for %pK Greg Kroah-Hartman
2013-12-02 19:05 ` [PATCH 3.4 14/60] rtlwifi: rtl8192se: Fix wrong assignment Greg Kroah-Hartman
2013-12-02 19:05 ` [PATCH 3.4 15/60] rtlwifi: rtl8192cu: Fix more pointer arithmetic errors Greg Kroah-Hartman
2013-12-02 19:05 ` [PATCH 3.4 16/60] ahci: disabled FBS prior to issuing software reset Greg Kroah-Hartman
2013-12-02 19:05 ` [PATCH 3.4 17/60] ahci: add Marvell 9230 to the AHCI PCI device list Greg Kroah-Hartman
2013-12-02 19:05 ` [PATCH 3.4 18/60] iscsi-target: fix extract_param to handle buffer length corner case Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 19/60] iscsi-target: chap auth shouldnt match username with trailing garbage Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 20/60] IB/ipath: Convert ipath_user_sdma_pin_pages() to use get_user_pages_fast() Greg Kroah-Hartman
2013-12-02 19:06 ` Greg Kroah-Hartman [this message]
2013-12-02 19:06 ` [PATCH 3.4 22/60] mtd: nand: hack ONFI for non-power-of-2 dimensions Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 23/60] mtd: map: fixed bug in 64-bit systems Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 24/60] mtd: gpmi: fix kernel BUG due to racing DMA operations Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 25/60] ext4: avoid bh leak in retry path of ext4_expand_extra_isize_ea() Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 26/60] xen/blkback: fix reference counting Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 27/60] staging: vt6656: [BUG] Fix for TX USB resets from vendors driver Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 28/60] rtlwifi: rtl8192de: Fix incorrect signal strength for unassociated AP Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 29/60] rtlwifi: rtl8192se: " Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 30/60] rtlwifi: rtl8192cu: " Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 31/60] qeth: avoid buffer overflow in snmp ioctl Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 32/60] rt2400pci: fix RSSI read Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 33/60] dm: allocate buffer for messages with small number of arguments using GFP_NOIO Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 34/60] PM / hibernate: Avoid overflow in hibernate_preallocate_memory() Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 35/60] mwifiex: correct packet length for packets from SDIO interface Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 36/60] audit: printk USER_AVC messages when audit isnt enabled Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 37/60] audit: use nlmsg_len() to get message payload length Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 38/60] audit: fix info leak in AUDIT_GET requests Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 39/60] PCI: Remove duplicate pci_disable_device() from pcie_portdrv_remove() Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 40/60] selinux: correct locking in selinux_netlbl_socket_connect) Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 41/60] avr32: setup crt for early panic() Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 42/60] avr32: fix out-of-range jump in large kernels Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 43/60] prism54: set netdev type to "wlan" Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 44/60] drm/ttm: Handle in-memory region copies Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 45/60] drm/i915: flush cursors harder Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 46/60] drm/nouveau: when bailing out of a pushbuf ioctl, do not remove previous fence Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 47/60] drm/radeon/si: fix define for MC_SEQ_TRAIN_WAKEUP_CNTL Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 48/60] radeon: workaround pinning failure on low ram gpu Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 49/60] md: fix calculation of stacking limits on level change Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 50/60] powerpc/signals: Improved mark VSX not saved with small contexts fix Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 51/60] cpuset: Fix memory allocator deadlock Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 52/60] ALSA: hda/realtek - Set pcbeep amp for ALC668 Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 53/60] tracing: Allow events to have NULL strings Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 54/60] Input: i8042 - add PNP modaliases Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 55/60] KVM: perform an invalid memslot step for gpa base change Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 56/60] KVM: Fix iommu map/unmap to handle memory slot moves Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 57/60] ftrace: Fix function graph with loading of modules Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 58/60] media: lirc_zilog: Dont use dynamic static allocation Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 59/60] HID: roccat: fix Coverity CID 141438 Greg Kroah-Hartman
2013-12-02 19:06 ` [PATCH 3.4 60/60] HID: apple: option to swap the Option ("Alt") and Command ("Flag") keys Greg Kroah-Hartman
2013-12-03 2:50 ` [PATCH 3.4 00/60] 3.4.72-stable review Guenter Roeck
2013-12-03 3:04 ` Greg Kroah-Hartman
2013-12-03 21:56 ` Shuah Khan
2013-12-04 10:23 ` Satoru Takeuchi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131202190334.913533429@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=axboe@kernel.dk \
--cc=linux-kernel@vger.kernel.org \
--cc=mpatocka@redhat.com \
--cc=stable@vger.kernel.org \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox