[PATCH AUTOSEL 4.14 20/23] blk-mq: fix possible memleak when register 'hctx' failed

public inbox for stable@vger.kernel.org
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Ye Bin <yebin10@huawei.com>, Ming Lei <ming.lei@redhat.com>,
	Jens Axboe <axboe@kernel.dk>, Sasha Levin <sashal@kernel.org>,
	linux-block@vger.kernel.org
Subject: [PATCH AUTOSEL 4.14 20/23] blk-mq: fix possible memleak when register 'hctx' failed
Date: Sun, 18 Dec 2022 11:21:46 -0500	[thread overview]
Message-ID: <20221218162149.935047-20-sashal@kernel.org> (raw)
In-Reply-To: <20221218162149.935047-1-sashal@kernel.org>

From: Ye Bin <yebin10@huawei.com>

[ Upstream commit 4b7a21c57b14fbcd0e1729150189e5933f5088e9 ]

There's issue as follows when do fault injection test:
unreferenced object 0xffff888132a9f400 (size 512):
  comm "insmod", pid 308021, jiffies 4324277909 (age 509.733s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 08 f4 a9 32 81 88 ff ff  ...........2....
    08 f4 a9 32 81 88 ff ff 00 00 00 00 00 00 00 00  ...2............
  backtrace:
    [<00000000e8952bb4>] kmalloc_node_trace+0x22/0xa0
    [<00000000f9980e0f>] blk_mq_alloc_and_init_hctx+0x3f1/0x7e0
    [<000000002e719efa>] blk_mq_realloc_hw_ctxs+0x1e6/0x230
    [<000000004f1fda40>] blk_mq_init_allocated_queue+0x27e/0x910
    [<00000000287123ec>] __blk_mq_alloc_disk+0x67/0xf0
    [<00000000a2a34657>] 0xffffffffa2ad310f
    [<00000000b173f718>] 0xffffffffa2af824a
    [<0000000095a1dabb>] do_one_initcall+0x87/0x2a0
    [<00000000f32fdf93>] do_init_module+0xdf/0x320
    [<00000000cbe8541e>] load_module+0x3006/0x3390
    [<0000000069ed1bdb>] __do_sys_finit_module+0x113/0x1b0
    [<00000000a1a29ae8>] do_syscall_64+0x35/0x80
    [<000000009cd878b0>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

Fault injection context as follows:
 kobject_add
 blk_mq_register_hctx
 blk_mq_sysfs_register
 blk_register_queue
 device_add_disk
 null_add_dev.part.0 [null_blk]

As 'blk_mq_register_hctx' may already add some objects when failed halfway,
but there isn't do fallback, caller don't know which objects add failed.
To solve above issue just do fallback when add objects failed halfway in
'blk_mq_register_hctx'.

Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20221117022940.873959-1-yebin@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 block/blk-mq-sysfs.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c
index c97fafa1b206..dd98410eddae 100644
--- a/block/blk-mq-sysfs.c
+++ b/block/blk-mq-sysfs.c
@@ -235,7 +235,7 @@ static int blk_mq_register_hctx(struct blk_mq_hw_ctx *hctx)
 {
 	struct request_queue *q = hctx->queue;
 	struct blk_mq_ctx *ctx;
-	int i, ret;
+	int i, j, ret;
 
 	if (!hctx->nr_ctx)
 		return 0;
@@ -247,9 +247,16 @@ static int blk_mq_register_hctx(struct blk_mq_hw_ctx *hctx)
 	hctx_for_each_ctx(hctx, ctx, i) {
 		ret = kobject_add(&ctx->kobj, &hctx->kobj, "cpu%u", ctx->cpu);
 		if (ret)
-			break;
+			goto out;
 	}
 
+	return 0;
+out:
+	hctx_for_each_ctx(hctx, ctx, j) {
+		if (j < i)
+			kobject_del(&ctx->kobj);
+	}
+	kobject_del(&hctx->kobj);
 	return ret;
 }
 
-- 
2.35.1

next prev parent reply	other threads:[~2022-12-18 17:08 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-12-18 16:21 [PATCH AUTOSEL 4.14 01/23] wifi: ath9k: verify the expected usb_endpoints are present Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 02/23] wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 03/23] ASoC: codecs: rt298: Add quirk for KBL-R RVP platform Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 04/23] ipmi: fix memleak when unload ipmi driver Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 05/23] bpf: make sure skb->len != 0 when redirecting to a tunneling device Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 06/23] net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 07/23] hamradio: baycom_epp: Fix return type of baycom_send_packet() Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 08/23] wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 09/23] igb: Do not free q_vector unless new one was allocated Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 10/23] s390/ctcm: Fix return type of ctc{mp,}m_tx() Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 11/23] s390/netiucv: Fix return type of netiucv_tx() Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 12/23] s390/lcs: Fix return type of lcs_start_xmit() Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 13/23] drm/sti: Use drm_mode_copy() Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 14/23] md/raid1: stop mdx_raid1 thread when raid1 array run failed Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 15/23] mrp: introduce active flags to prevent UAF when applicant uninit Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 16/23] ppp: associate skb with a device at tx Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 17/23] media: dvb-frontends: fix leak of memory fw Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 18/23] media: dvbdev: adopts refcnt to avoid UAF Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 19/23] media: dvb-usb: fix memory leak in dvb_usb_adapter_init() Sasha Levin
2022-12-18 16:21 ` Sasha Levin [this message]
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 21/23] mmc: f-sdh30: Add quirks for broken timeout clock capability Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 22/23] media: si470x: Fix use-after-free in si470x_int_in_callback() Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 23/23] clk: st: Fix memory leak in st_of_quadfs_setup() Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:c97fafa1b20 dfblob:dd98410edda )
 OR (
bs:"[PATCH AUTOSEL 4.14 20/23] blk-mq: fix possible memleak when register 'hctx' failed" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221218162149.935047-20-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=axboe@kernel.dk \
    --cc=linux-block@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=ming.lei@redhat.com \
    --cc=stable@vger.kernel.org \
    --cc=yebin10@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox