system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-09-21 11:38:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/drivers
History
Nicholas Bellinger bc66552476 [SCSI] target/iblock: Fix failed bd claim NULL pointer dereference 
This patch adds an explict check for struct iblock_dev->ibd_bd in
iblock_free_device() before calling blkdev_put(), which will otherwise hit
the following NULL pointer dereference @ ib_dev->ibd_bd when iblock_create_virtdevice()
fails to claim an already in-use struct block_device via blkdev_get_by_path().

[  112.528578] Target_Core_ConfigFS: Allocated struct se_subsystem_dev: ffff88001e750000 se_dev_su_ptr: ffff88001dd05d70
[  112.534681] Target_Core_ConfigFS: Calling t->free_device() for se_dev_su_ptr: ffff88001dd05d70
[  112.535029] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
[  112.535029] IP: [<ffffffff814987a3>] mutex_lock+0x14/0x35
[  112.535029] PGD 1e5d0067 PUD 1e274067 PMD 0
[  112.535029] Oops: 0002 [#1] SMP
[  112.535029] last sysfs file: /sys/devices/pci0000:00/0000:00:07.1/host2/target2:0:0/2:0:0:0/type
[  112.535029] CPU 0
[  112.535029] Modules linked in: iscsi_target_mod target_core_stgt scsi_tgt target_core_pscsi target_core_file target_core_iblock target_core_mod configfs sr_mod cdrom sd_mod ata_piix mptspi mptscsih libata mptbase [last unloaded: scsi_wait_scan]
[  112.535029]
[  112.535029] Pid: 3345, comm: python2.5 Not tainted 2.6.37+ #1 440BX Desktop Reference Platform/VMware Virtual Platform
[  112.535029] RIP: 0010:[<ffffffff814987a3>]  [<ffffffff814987a3>] mutex_lock+0x14/0x35
[  112.535029] RSP: 0018:ffff88001e6d7d58  EFLAGS: 00010246
[  112.535029] RAX: 0000000000000000 RBX: 0000000000000020 RCX: 0000000000000082
[  112.535029] RDX: ffff88001e6d7fd8 RSI: 0000000000000083 RDI: 0000000000000020
[  112.535029] RBP: ffff88001e6d7d68 R08: 0000000000000000 R09: 0000000000000000
[  112.535029] R10: ffff8800000be860 R11: ffff88001f420000 R12: 0000000000000020
[  112.535029] R13: 0000000000000083 R14: ffff88001d809430 R15: ffff88001d8094f8
[  112.535029] FS:  00007ff17ca7d6e0(0000) GS:ffff88001fa00000(0000) knlGS:0000000000000000
[  112.535029] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  112.535029] CR2: 0000000000000020 CR3: 000000001e5d2000 CR4: 00000000000006f0
[  112.535029] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  112.535029] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  112.535029] Process python2.5 (pid: 3345, threadinfo ffff88001e6d6000, task ffff88001e2d0760)
[  112.535029] Stack:
[  112.535029]  ffff88001e6d7d88 0000000000000000 ffff88001e6d7d98 ffffffff811187fc
[  112.535029]  ffff88001d809430 ffff88001dd05d70 ffff88001e750860 ffff88001e750000
[  112.535029]  ffff88001e6d7db8 ffffffffa00e3757 ffff88001e6d7db8 0000000000000004
[  112.535029] Call Trace:
[  112.535029]  [<ffffffff811187fc>] blkdev_put+0x28/0x107
[  112.535029]  [<ffffffffa00e3757>] iblock_free_device+0x1d/0x36 [target_core_iblock]
[  112.535029]  [<ffffffffa00a319c>] target_core_drop_subdev+0x15f/0x18d [target_core_mod]
[  112.535029]  [<ffffffffa00960db>] client_drop_item+0x25/0x31 [configfs]
[  112.535029]  [<ffffffffa00967b5>] configfs_rmdir+0x1a1/0x223 [configfs]
[  112.535029]  [<ffffffff810fa8cd>] vfs_rmdir+0x7e/0xd3
[  112.535029]  [<ffffffff810fc3be>] do_rmdir+0xa3/0xf4
[  112.535029]  [<ffffffff810fc446>] sys_rmdir+0x11/0x13
[  112.535029]  [<ffffffff81002a92>] system_call_fastpath+0x16/0x1b
[  112.535029] Code: 8b 04 25 88 b5 00 00 48 2d d8 1f 00 00 48 89 43 18 31 c0 5e 5b c9 c3 55 48 89 e5 53 48 89 fb 48 83 ec 08 e8 c4 f7 ff ff 48 89 df <3e> ff 0f 79 05 e8 1e ff ff ff 65 48 8b 04 25 88 b5 00 00 48 2d
[  112.535029] RIP  [<ffffffff814987a3>] mutex_lock+0x14/0x35
[  112.535029]  RSP <ffff88001e6d7d58>
[  112.535029] CR2: 0000000000000020
[  132.679636] ---[ end trace 05754bb48eb828f0 ]---

Note it also adds an second explict check for ib_dev->ibd_bio_set before calling
bioset_free() to fix the same possible NULL pointer deference during an early
iblock_create_virtdevice() failure.

Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-02-12 11:37:00 -06:00
..
accessibility
acpi ACPI / PM: Call suspend_nvs_free() earlier during resume 2011-01-20 18:30:17 -08:00
amba
ata libata: set queue DMA alignment to sector size for ATAPI too 2011-01-28 03:16:20 -05:00
atm Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6 2011-01-24 13:17:06 -08:00
auxdisplay
base PM / Runtime: Don't enable interrupts while running in_interrupt 2011-01-25 20:50:07 +01:00
block nbd: remove module-level ioctl mutex 2011-02-11 16:12:20 -08:00
bluetooth Bluetooth: ath3k: reduce memory usage 2011-01-19 14:40:41 -02:00
cdrom cdrom: support devices that have check_events but not media_changed 2011-02-09 14:22:37 +01:00
char Merge branch 'for-james' of git://tpmdd.git.sourceforge.net/gitroot/tpmdd/tpmdd into for-linus 2011-02-11 17:34:47 +11:00
clk
clocksource drivers/clocksource/tcb_clksrc.c: fix init sequence 2011-01-26 10:50:04 +10:00
connector
cpufreq kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
cpuidle Merge branch 'cpuidle-perf-events' into idle-test 2011-01-12 18:06:19 -05:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2011-01-13 10:25:58 -08:00
dca dca: remove unneeded NULL check 2011-01-13 08:03:09 -08:00
dio
dma Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_tx 2011-01-17 10:54:41 -08:00
edac amd64_edac: Fix DIMMs per DCTs output 2011-02-10 14:41:49 +01:00
eisa
firewire Merge branches 'fixes' and 'fwnet' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 2011-01-21 13:34:39 -08:00
firmware kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
gpio drivers/gpio/pca953x.c: add a mutex to fix race condition 2011-02-11 16:12:20 -08:00
gpu Merge branch 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2011-02-04 10:02:22 -08:00
hid kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
hwmon hwmon: (emc1403) Fix I2C address range 2011-02-09 13:45:52 -08:00
i2c i2c: Encourage move to dev_pm_ops by warning on use of legacy methods 2011-01-14 22:03:50 +01:00
ide kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
idle fix a shutdown regression in intel_idle 2011-01-25 05:57:34 +10:00
ieee802154
infiniband Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband 2011-02-03 11:19:26 -08:00
input arm/ixp4xx: Rename FREQ macro to avoid collisions 2011-02-06 16:49:48 +01:00
isdn isdn: hysdn: Kill (partially buggy) CVS regision log reporting. 2011-02-09 13:56:53 -08:00
leds leds: leds-pwm: return proper error if pwm_request failed 2011-01-26 10:49:58 +10:00
lguest lguest: compile fixes 2011-01-20 21:37:29 +10:30
macintosh powerpc/macintosh: Fix wrong test in fan_{read,write}_reg() 2011-01-21 14:08:34 +11:00
mca
md FIX: md: process hangs at wait_barrier after 0->10 takeover 2011-02-08 11:49:02 +11:00
media Merge branch 'media_fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6 2011-02-02 17:52:19 -08:00
memstick memstick: factor out transfer initiating functionality in mspro_block.c 2011-01-13 08:03:22 -08:00
message
mfd mfd: ab8500-core chip version cut 2.0 support 2011-01-14 12:38:18 +01:00
misc misc: Make AB8500_PWM driver depend on U8500 due to PWM breakage 2011-01-14 12:38:12 +01:00
mmc ARM: mmci: round down the bytes transferred on error 2011-01-31 10:53:37 +00:00
mtd Revert "UBI: use mtd->writebufsize to set minimal I/O unit size" 2011-01-29 18:27:13 +02:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2011-02-10 12:05:09 -08:00
nfc drivers/nfc/pn544.c: fix min_t warnings 2011-01-16 17:28:21 -08:00
nubus
of dt/flattree: Return virtual address from early_init_dt_alloc_memory_arch() 2011-01-15 22:01:58 -07:00
oprofile
parisc
parport parport: make lockdep happy with waitlist_lock 2011-01-26 10:49:59 +10:00
pci pci: use security_capable() when checking capablities during config space read 2011-02-11 17:58:11 +11:00
pcmcia kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
platform intel_scu_ipc: remove duplicated #include 2011-01-31 12:59:34 +10:00
pnp Merge branch 'pnp' into release 2011-01-12 04:59:44 -05:00
power Merge git://git.infradead.org/battery-2.6 2011-01-14 09:25:59 -08:00
pps pps: claim parallel port exclusively 2011-01-26 10:50:00 +10:00
ps3
rapidio rapidio: fix new kernel-doc warnings 2011-01-22 20:32:37 -08:00
regulator regulator: Support MAX8998/LP3974 DVS-GPIO 2011-01-14 12:38:16 +01:00
rtc drivers/rtc/rtc-proc.c: add module_put on error path in rtc_proc_open() 2011-02-11 16:12:20 -08:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2011-02-04 13:20:01 -08:00
sbus
scsi [SCSI] scsi_debug: Fix 32-bit overflow in do_device_access causing memory corruption 2011-02-12 11:21:56 -06:00
sfi SFI: use ioremap_cache() instead of ioremap() 2011-01-11 23:27:25 -05:00
sh sh: update INTC to clear IRQ sense valid flag 2011-01-19 19:02:35 +09:00
sn
spi Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/upstream-linus 2011-01-18 14:28:48 -08:00
ssb Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 2011-02-08 12:03:54 -08:00
staging Merge branch 'staging-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6 2011-02-10 12:19:23 -08:00
target [SCSI] target/iblock: Fix failed bd claim NULL pointer dereference 2011-02-12 11:37:00 -06:00
tc
telephony Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
thermal Merge branch 'misc' into release 2011-01-12 05:14:15 -05:00
tty virtio: console: Update Copyright 2011-02-09 08:19:55 +10:30
uio
usb USB: cdc-acm: Adding second ACM channel support for Nokia N8 2011-02-04 12:38:14 -08:00
uwb
vhost vhost: rcu annotation fixup 2011-02-01 16:48:46 +02:00
video console: rename acquire/release_console_sem() to console_lock/unlock() 2011-01-26 10:50:06 +10:00
virtio virtio: remove virtio-pci root device 2011-01-20 21:37:30 +10:30
vlynq
w1 drivers/w1/masters/omap_hdq.c: add missing clk_put 2011-02-11 16:12:20 -08:00
watchdog watchdog: Add MCF548x watchdog driver. 2011-01-12 13:51:35 +00:00
xen Merge branch 'xen/xenbus' of git://git.kernel.org/pub/scm/linux/kernel/git/jeremy/xen 2011-01-20 16:37:28 -08:00
zorro
Kconfig [SCSI] target: Add LIO target core v4.0.0-rc6 2011-01-14 10:12:29 -06:00
Makefile Merge branch 'tty-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6 2011-01-20 16:39:23 -08:00