linux/block
Chengming Zhou 6be6d11241 blk-mq: fix tags UAF when shrinking q->nr_hw_queues
When nr_hw_queues shrink, we free the excess tags before realloc'ing
hw_ctxs for each queue. During that resize, we may need to access those
tags, like blk_mq_tag_idle(hctx) will access queue shared tags.

This can cause a slab use-after-free, as reported by KASAN. Fix it by
moving the releasing of excess tags to the end.

Fixes: e1dd7bc930 ("blk-mq: fix tags leak when shrink nr_hw_queues")
Reported-by: Yi Zhang <yi.zhang@redhat.com>
Closes: https://lore.kernel.org/all/CAHj4cs_CK63uoDpGBGZ6DN4OCTpzkR3UaVgK=LX8Owr8ej2ieQ@mail.gmail.com/
Cc: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Chengming Zhou <zhouchengming@bytedance.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Link: https://lore.kernel.org/r/20230908005702.2183908-1-chengming.zhou@linux.dev
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2023-09-11 16:17:34 -06:00
..
partitions for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
badblocks.c block/badblocks: Remove redundant assignments 2022-04-23 07:15:26 -06:00
bdev.c New code for 6.6: 2023-08-23 13:06:55 +02:00
bfq-cgroup.c blkcg: Restructure blkg_conf_prep() and friends 2023-04-13 06:46:49 -06:00
bfq-iosched.c SCSI misc on 20230629 2023-06-30 11:57:07 -07:00
bfq-iosched.h block, bfq: remove BFQ_WEIGHT_LEGACY_DFL 2023-04-06 16:17:32 -06:00
bfq-wf2q.c block, bfq: inject I/O to underutilized actuators 2023-01-29 15:18:33 -07:00
bio-integrity.c bio-integrity: create multi-page bvecs in bio_integrity_add_page() 2023-08-09 16:05:35 -06:00
bio.c block: Bring back zero_fill_bio_iter 2023-08-14 15:40:42 -06:00
blk-cgroup-fc-appid.c block: Replace all non-returning strlcpy with strscpy 2023-06-01 09:13:31 -06:00
blk-cgroup-rwstat.c Revert "blk-cgroup: pin the gendisk in struct blkcg_gq" 2023-02-14 14:24:09 -07:00
blk-cgroup-rwstat.h block: Use the new blk_opf_t type 2022-07-14 12:14:30 -06:00
blk-cgroup.c for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
blk-cgroup.h for-6.4/block-2023-04-21 2023-04-26 12:52:58 -07:00
blk-core.c for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
blk-crypto-fallback.c blk-crypto: dynamically allocate fallback profile 2023-08-18 15:00:39 -06:00
blk-crypto-internal.h blk-crypto: remove blk_crypto_insert_cloned_request() 2023-03-16 09:35:09 -06:00
blk-crypto-profile.c blk-crypto: use dynamic lock class for blk_crypto_profile::lock 2023-07-05 16:36:12 -06:00
blk-crypto-sysfs.c block: make kobj_type structures constant 2023-02-09 09:38:16 -07:00
blk-crypto.c blk-crypto: make blk_crypto_evict_key() more robust 2023-03-16 09:35:09 -06:00
blk-flush.c blk-flush: reuse rq queuelist in flush state machine 2023-07-17 08:18:21 -06:00
blk-ia-ranges.c block: make kobj_type structures constant 2023-02-09 09:38:16 -07:00
blk-integrity.c blk-integrity: register sysfs attributes on struct device 2023-04-26 18:22:50 -06:00
blk-ioc.c blk-ioc: fix recursive spin_lock/unlock_irq() in ioc_clear_queue() 2023-06-07 07:51:00 -06:00
blk-iocost.c blk-iocost: fix queue stats accounting 2023-08-09 16:04:14 -06:00
blk-iolatency.c block: fix bad lockdep annotation in blk-iolatency 2023-08-10 17:24:53 -06:00
blk-ioprio.c blk-ioprio: Introduce promote-to-rt policy 2023-06-06 22:26:26 -06:00
blk-ioprio.h blk-ioprio: pass a gendisk to blk_ioprio_init and blk_ioprio_exit 2022-09-26 19:09:31 -06:00
blk-lib.c blk-lib: fix blkdev_issue_secure_erase 2022-09-15 00:25:17 -06:00
blk-map.c block: fix pin count management when merging same-page segments 2023-09-06 07:32:27 -06:00
blk-merge.c blk-mq: release crypto keyslot before reporting I/O complete 2023-03-16 09:35:09 -06:00
blk-mq-cpumap.c blk-mq: include <linux/blk-mq.h> in block/blk-mq.h 2023-04-13 06:52:29 -06:00
blk-mq-debugfs-zoned.c block: move zone related fields to struct gendisk 2022-07-06 06:46:26 -06:00
blk-mq-debugfs.c blk-mq: fix potential io hang by wrong 'wake_batch' 2023-06-12 09:55:53 -06:00
blk-mq-debugfs.h block: remove per-disk debugfs files in blk_unregister_queue 2022-06-17 07:31:05 -06:00
blk-mq-pci.c blk-mq: include <linux/blk-mq.h> in block/blk-mq.h 2023-04-13 06:52:29 -06:00
blk-mq-sched.c blk-mq: cleanup __blk_mq_sched_dispatch_requests 2023-04-13 06:57:18 -06:00
blk-mq-sched.h blk-mq: make sure elevator callbacks aren't called for passthrough request 2023-05-18 19:42:54 -06:00
blk-mq-sysfs.c blk-mq: include <linux/blk-mq.h> in block/blk-mq.h 2023-04-13 06:52:29 -06:00
blk-mq-tag.c for-6.5/block-2023-06-23 2023-06-26 12:47:20 -07:00
blk-mq-virtio.c blk-mq: include <linux/blk-mq.h> in block/blk-mq.h 2023-04-13 06:52:29 -06:00
blk-mq.c blk-mq: fix tags UAF when shrinking q->nr_hw_queues 2023-09-11 16:17:34 -06:00
blk-mq.h blk-mq: fix potential io hang by wrong 'wake_batch' 2023-06-12 09:55:53 -06:00
blk-pm.c blk-mq: include <linux/blk-mq.h> in block/blk-mq.h 2023-04-13 06:52:29 -06:00
blk-pm.h
blk-rq-qos.c block/rq_qos: protect rq_qos apis with a new lock 2023-05-23 11:13:19 -06:00
blk-rq-qos.h blk-iolatency: s/blkcg_rq_qos/iolat_rq_qos/ 2023-04-13 06:46:49 -06:00
blk-settings.c block: don't allow enabling a cache on devices that don't support it 2023-07-17 08:18:18 -06:00
blk-stat.c blk-mq: include <linux/blk-mq.h> in block/blk-mq.h 2023-04-13 06:52:29 -06:00
blk-stat.h block: make queue stat accounting a reference 2021-12-14 17:23:05 -07:00
blk-sysfs.c block: don't allow enabling a cache on devices that don't support it 2023-07-17 08:18:18 -06:00
blk-throttle.c blk-throttle: consider 'carryover_ios/bytes' in throtl_trim_slice() 2023-08-30 10:15:01 -06:00
blk-throttle.h blk-throttle: print signed value 'carryover_bytes/ios' for user 2023-08-30 10:15:01 -06:00
blk-timeout.c
blk-wbt.c Merge branch 'for-6.5/block-late' into block-6.5 2023-06-28 16:08:19 -06:00
blk-wbt.h blk-wbt: don't create wbt sysfs entry if CONFIG_BLK_WBT is disabled 2023-06-26 09:53:36 -06:00
blk-zoned.c Merge branch '6.5/scsi-staging' into 6.5/scsi-fixes 2023-07-11 12:15:15 -04:00
blk.h block: Add some exports for bcachefs 2023-08-14 15:40:42 -06:00
bounce.c block: change the blk_queue_bounce calling convention 2022-08-02 17:22:54 -06:00
bsg-lib.c scsi: replace the fmode_t argument to ->sg_io_fn with a simple bool 2023-06-12 08:04:04 -06:00
bsg.c SCSI misc on 20230629 2023-06-30 11:57:07 -07:00
disk-events.c block: consolidate __invalidate_device and fsync_bdev 2023-08-21 14:35:31 +02:00
early-lookup.c block: don't return -EINVAL for not found names in devt_from_devname 2023-06-22 09:09:33 -06:00
elevator.c blk-mq: release scheduler resource when request completes 2023-08-19 07:47:17 -06:00
elevator.h blk-mq: pass a flags argument to elevator_type->insert_requests 2023-04-13 06:52:30 -06:00
fops.c block: remove the call to file_remove_privs in blkdev_write_iter 2023-08-31 08:00:23 -06:00
genhd.c block: call into the file system for bdev_mark_dead 2023-08-21 14:35:32 +02:00
holder.c block: don't allow a disk link holder to itself 2022-11-16 15:19:56 -07:00
ioctl.c block: don't add or resize partition on the disk with GENHD_FL_NO_PART 2023-08-31 08:00:35 -06:00
ioprio.c scsi: block: Improve ioprio value validity checks 2023-06-16 12:04:30 -04:00
Kconfig block: sed-opal: keyring support for SED keys 2023-08-22 11:10:26 -06:00
Kconfig.iosched block: Default to use cgroup support for BFQ 2023-01-30 09:42:42 -07:00
kyber-iosched.c blk-mq: pass a flags argument to elevator_type->insert_requests 2023-04-13 06:52:30 -06:00
Makefile block: move the code to do early boot lookup of block devices to block/ 2023-06-05 10:57:40 -06:00
mq-deadline.c block/mq-deadline: use correct way to throttling write requests 2023-08-08 15:46:41 -06:00
opal_proto.h block: sed-opal: Implement IOC_OPAL_REVERT_LSP 2023-08-22 11:10:26 -06:00
sed-opal.c block: sed-opal: keyring support for SED keys 2023-08-22 11:10:26 -06:00
t10-pi.c block: add pi for extended integrity 2022-03-07 12:48:35 -07:00