torvalds/linux
3
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-03-27 09:56:48 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
f2893c0804d86230ffb8f1c8703fdbb18648abc8
linux/drivers
History
Ming-Hung Tsai f2893c0804 dm array: fix releasing a faulty array block twice in dm_array_cursor_end 
When dm_bm_read_lock() fails due to locking or checksum errors, it
releases the faulty block implicitly while leaving an invalid output
pointer behind. The caller of dm_bm_read_lock() should not operate on
this invalid dm_block pointer, or it will lead to undefined result.
For example, the dm_array_cursor incorrectly caches the invalid pointer
on reading a faulty array block, causing a double release in
dm_array_cursor_end(), then hitting the BUG_ON in dm-bufio cache_put().

Reproduce steps:

1. initialize a cache device

dmsetup create cmeta --table "0 8192 linear /dev/sdc 0"
dmsetup create cdata --table "0 65536 linear /dev/sdc 8192"
dmsetup create corig --table "0 524288 linear /dev/sdc $262144"
dd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1
dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \
/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0"

2. wipe the second array block offline

dmsteup remove cache cmeta cdata corig
mapping_root=$(dd if=/dev/sdc bs=1c count=8 skip=192 \
2>/dev/null | hexdump -e '1/8 "%u\n"')
ablock=$(dd if=/dev/sdc bs=1c count=8 skip=$((4096*mapping_root+2056)) \
2>/dev/null | hexdump -e '1/8 "%u\n"')
dd if=/dev/zero of=/dev/sdc bs=4k count=1 seek=$ablock

3. try reopen the cache device

dmsetup create cmeta --table "0 8192 linear /dev/sdc 0"
dmsetup create cdata --table "0 65536 linear /dev/sdc 8192"
dmsetup create corig --table "0 524288 linear /dev/sdc $262144"
dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \
/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0"

Kernel logs:

(snip)
device-mapper: array: array_block_check failed: blocknr 0 != wanted 10
device-mapper: block manager: array validator check failed for block 10
device-mapper: array: get_ablock failed
device-mapper: cache metadata: dm_array_cursor_next for mapping failed
------------[ cut here ]------------
kernel BUG at drivers/md/dm-bufio.c:638!

Fix by setting the cached block pointer to NULL on errors.

In addition to the reproducer described above, this fix can be
verified using the "array_cursor/damaged" test in dm-unit:
  dm-unit run /pdata/array_cursor/damaged --kernel-dir <KERNEL_DIR>

Signed-off-by: Ming-Hung Tsai <mtsai@redhat.com>
Fixes: fdd1315aa5 ("dm array: introduce cursor api")
Reviewed-by: Joe Thornber <thornber@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
2024-12-13 08:33:38 -05:00
..
accel
accel/ivpu: Fix NOC firewall interrupt handling
2024-10-30 10:17:00 +01:00
accessibility
acpi
ACPI: processor: Move arch_init_invariance_cppc() call later
2024-11-06 21:31:36 +01:00
amba
ARM: 9416/1: amba: make amba_bustype constant
2024-09-04 15:01:17 +01:00
android
binder: modify the comment for binder_proc_unlock
2024-09-11 16:02:45 +02:00
ata
ata: libata: Set DID_TIME_OUT for commands that actually timed out
2024-10-24 11:14:00 +02:00
atm
auxdisplay
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
base
ACPI: processor: Move arch_init_invariance_cppc() call later
2024-11-06 21:31:36 +01:00
bcma
PCI: Rename CRS Completion Status to RRS
2024-09-10 19:52:30 -05:00
block
Merge tag 'block-6.12-20241018' of git://git.kernel.dk/linux
2024-10-18 15:53:00 -07:00
bluetooth
Bluetooth: btintel: Direct exception event to bluetooth stack
2024-11-12 11:39:12 -05:00
bus
Merge tag 'driver-core-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2024-09-27 08:48:37 -07:00
cache
cdrom
cdrom: Avoid barrier_nospec() in cdrom_ioctl_media_changed()
2024-10-17 19:47:15 -06:00
cdx
char
tpm: Disable TPM on tpm2_create_primary() failure
2024-11-13 21:10:45 +02:00
clk
Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
2024-11-10 14:16:28 -08:00
clocksource
Merge tag 'x86-timers-2024-09-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2024-09-17 15:27:01 +02:00
comedi
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
connector
counter
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
cpufreq
cpufreq: intel_pstate: Rearrange locking in hybrid_init_cpu_capacity_scaling()
2024-11-11 15:18:41 +01:00
cpuidle
Merge tag 'pmdomain-v6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm
2024-09-18 10:49:45 +02:00
crypto
Merge tag 'v6.12-p3' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2024-10-16 08:42:54 -07:00
cxl
cxl/port: Prevent out-of-order decoder allocation
2024-10-25 16:07:03 -05:00
dax
device-dax: correct pgoff align in dax_set_mapping()
2024-10-09 12:47:19 -07:00
dca
devfreq
PM / devfreq: imx-bus: Use of_property_present()
2024-09-05 01:23:56 +09:00
dio
dma
Merge tag 'dmaengine-fix-6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine
2024-11-03 10:15:50 -10:00
dma-buf
Merge tag 'drm-next-2024-09-19' of https://gitlab.freedesktop.org/drm/kernel
2024-09-19 10:18:15 +02:00
dpll
edac
EDAC/qcom: Make irq configuration optional
2024-10-05 22:17:08 -05:00
eisa
extcon
Merge tag 'char-misc-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2024-09-26 10:13:08 -07:00
firewire
firewire: core: fix invalid port index for parent device
2024-10-27 11:14:35 +09:00
firmware
Merge tag 'pmdomain-v6.12-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm
2024-11-15 10:20:17 -08:00
fpga
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
fsi
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
gnss
[tree-wide] finally take no_llseek out
2024-09-27 08:18:43 -07:00
gpio
gpiolib: fix debugfs dangling chip separator
2024-10-31 19:14:17 +01:00
gpu
Merge tag 'amd-drm-fixes-6.12-2024-11-16' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes
2024-11-17 08:12:48 +10:00
greybus
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
hid
Merge tag 'hid-for-linus-20241105' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
2024-11-06 07:49:54 -10:00
hsi
hte
hv
Merge tag 'drm-next-2024-09-19' of https://gitlab.freedesktop.org/drm/kernel
2024-09-19 10:18:15 +02:00
hwmon
[PATCH} hwmon: (jc42) Properly detect TSE2004-compliant devices again
2024-10-14 19:14:08 -07:00
hwspinlock
hwtracing
[tree-wide] finally take no_llseek out
2024-09-27 08:18:43 -07:00
i2c
i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set
2024-11-08 19:13:06 +01:00
i3c
i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition
2024-09-17 16:51:45 +02:00
idle
intel_idle: fix ACPI _CST matching for newer Xeon platforms
2024-09-25 22:30:33 +02:00
iio
iio: dac: Kconfig: Fix build error for ltc2664
2024-10-24 18:46:04 +01:00
infiniband
Revert "RDMA/core: Fix ENODEV error for iWARP test over vlan"
2024-11-12 09:53:11 -05:00
input
Merge tag 'input-for-v6.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
2024-11-03 08:35:29 -10:00
interconnect
iommu
iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices
2024-10-15 10:17:54 +02:00
ipack
irqchip
irqchip/gic-v3: Force propagation of the active state with a read-back
2024-11-07 00:22:44 +01:00
isdn
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
leds
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
macintosh
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
mailbox
mailbox: qcom-cpucp: Mark the irq with IRQF_NO_SUSPEND flag
2024-11-12 19:45:25 +01:00
mcb
md
dm array: fix releasing a faulty array block twice in dm_array_cursor_end
2024-12-13 08:33:38 -05:00
media
Merge tag 'media/v6.12-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
2024-11-08 07:41:27 -10:00
memory
memory: pl353-smc: simplify with scoped for each OF child loop
2024-08-31 07:44:24 +02:00
memstick
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
message
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2024-09-29 09:22:34 -07:00
mfd
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
misc
mei: use kvmalloc for read buffer
2024-10-29 04:01:40 +01:00
mmc
Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"
2024-11-12 19:40:40 +01:00
most
mtd
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
mux
net
bonding: add ns target multicast address to slave device
2024-11-14 11:16:28 +01:00
nfc
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
ntb
ntb: Force physically contiguous allocation of rx ring buffers
2024-09-20 10:51:25 -04:00
nubus
nvdimm
Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
2024-09-26 08:43:17 -07:00
nvme
Merge tag 'block-6.12-20241108' of git://git.kernel.dk/linux
2024-11-09 12:55:32 -08:00
nvmem
Merge tag 'char-misc-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2024-09-26 10:13:08 -07:00
of
of: Skip kunit tests when arm64+ACPI doesn't populate root node
2024-10-10 12:43:01 -05:00
opp
OPP: fix error code in dev_pm_opp_set_config()
2024-10-02 01:27:50 +02:00
parisc
parisc: pdc_stable: Constify struct kobj_type
2024-09-09 08:53:17 +02:00
parport
parport: Proper fix for array out-of-bounds access
2024-10-13 18:17:35 +02:00
pci
Merge tag 'pci-v6.12-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci
2024-11-01 15:44:23 -10:00
pcmcia
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
peci
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
perf
drivers: perf: Fix wrong put_cpu() placement
2024-11-12 07:34:27 -08:00
phy
phy: tegra: xusb: Add error pointer check in xusb.c
2024-10-21 23:34:42 +05:30
pinctrl
pinctrl: ocelot: fix system hang on level based interrupts
2024-10-12 22:04:38 +02:00
platform
Merge tag 'platform-drivers-x86-v6.12-4' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
2024-11-06 08:03:19 -10:00
pmdomain
pmdomain: imx93-blk-ctrl: correct remove path
2024-11-01 12:53:16 +01:00
pnp
power
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
powercap
powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request()
2024-10-21 13:23:06 +02:00
pps
[tree-wide] finally take no_llseek out
2024-09-27 08:18:43 -07:00
ps3
ptp
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
pwm
pwm: imx-tpm: Use correct MODULO value for EPWM mode
2024-10-25 11:29:17 +02:00
rapidio
ras
regulator
regulator: rk808: Add apply_bit for BUCK3 on RK809
2024-11-01 14:47:08 +00:00
remoteproc
Merge tag 'mailbox-v6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/jassibrar/mailbox
2024-09-29 09:53:04 -07:00
reset
reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC
2024-09-30 14:24:37 +02:00
rpmsg
rpmsg: glink: Handle rejected intent request better
2024-10-24 13:03:37 -05:00
rtc
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
s390
s390/sclp_vt220: Convert newlines to CRLF instead of LFCR
2024-10-16 11:32:32 +02:00
sbus
[tree-wide] finally take no_llseek out
2024-09-27 08:18:43 -07:00
scsi
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2024-11-08 09:56:27 -10:00
sh
sh: intc: Replace simple_strtoul() with kstrtoul()
2024-09-26 17:25:29 +02:00
siox
slimbus
slimbus: qcom-ngd-ctrl: use 'time_left' variable with wait_for_completion_timeout()
2024-09-03 12:10:38 +02:00
soc
Merge tag 'qcom-drivers-fixes-for-6.12' of https://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux into arm/fixes
2024-11-04 14:23:09 +01:00
soundwire
soundwire: intel_ace2x: Send PDI stream number during prepare
2024-10-17 12:11:19 +01:00
spi
spi: spi-fsl-dspi: Fix crash when not using GPIO chip select
2024-10-23 22:37:54 +01:00
spmi
ssb
staging
Merge tag 'staging-6.12-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
2024-11-10 08:53:24 -08:00
target
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2024-10-19 12:52:19 -07:00
tc
tee
optee: Fix a NULL vs IS_ERR() check
2024-09-09 12:22:06 +02:00
thermal
thermal/of: support thermal zones w/o trips subnode
2024-11-04 15:38:29 +01:00
thunderbolt
Merge tag 'thunderbolt-for-v6.12-rc7' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/westeri/thunderbolt into usb-linus
2024-11-07 16:11:57 +01:00
tty
serial: qcom-geni: rename suspend functions
2024-10-11 08:39:24 +02:00
ufs
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2024-11-08 09:56:27 -10:00
uio
uio: Constify struct kobj_type
2024-09-11 16:02:54 +02:00
usb
Merge tag 'usb-serial-6.12-rc7' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus
2024-11-08 08:36:31 +01:00
vdpa
vdpa/mlx5: Fix PA offset with unaligned starting iotlb map
2024-11-12 18:05:04 -05:00
vfio
[tree-wide] finally take no_llseek out
2024-09-27 08:18:43 -07:00
vhost
Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
2024-10-07 11:33:26 -07:00
video
fbdev: wm8505fb: select CONFIG_FB_IOMEM_FOPS
2024-10-21 11:16:51 +02:00
virt
[tree-wide] finally take no_llseek out
2024-09-27 08:18:43 -07:00
virtio
virtio_pci: Fix admin vq cleanup by using correct info pointer
2024-11-06 04:40:07 -05:00
w1
w1: ds2482: Drop explicit initialization of struct i2c_device_id::driver_data to 0
2024-09-06 19:18:32 +02:00
watchdog
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
xen
xen: Remove dependency between pciback and privcmd
2024-10-18 11:59:04 +02:00
zorro
Kconfig
Makefile
leds: Init leds class earlier
2024-09-04 17:24:58 -05:00