AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-17 15:26:48 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
4160989270
linux_dsm_epyc7002/drivers
History
Sasha Levin 9b81c84235 block: don't access bio->bi_error after bio_put() 
Commit 4246a0b6 ("block: add a bi_error field to struct bio") has added a few
dereferences of 'bio' after a call to bio_put(). This causes use-after-frees
such as:

[521120.719695] BUG: KASan: use after free in dio_bio_complete+0x2b3/0x320 at addr ffff880f36b38714
[521120.720638] Read of size 4 by task mount.ocfs2/9644
[521120.721212] =============================================================================
[521120.722056] BUG kmalloc-256 (Not tainted): kasan: bad access detected
[521120.722968] -----------------------------------------------------------------------------
[521120.722968]
[521120.723915] Disabling lock debugging due to kernel taint
[521120.724539] INFO: Slab 0xffffea003cdace00 objects=32 used=25 fp=0xffff880f36b38600 flags=0x46fffff80004080
[521120.726037] INFO: Object 0xffff880f36b38700 @offset=1792 fp=0xffff880f36b38800
[521120.726037]
[521120.726974] Bytes b4 ffff880f36b386f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[521120.727898] Object ffff880f36b38700: 00 88 b3 36 0f 88 ff ff 00 00 d8 de 0b 88 ff ff  ...6............
[521120.728822] Object ffff880f36b38710: 02 00 00 f0 00 00 00 00 00 00 00 00 00 00 00 00  ................
[521120.729705] Object ffff880f36b38720: 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00  ................
[521120.730623] Object ffff880f36b38730: 00 00 00 00 00 00 00 00 01 00 00 00 00 02 00 00  ................
[521120.731621] Object ffff880f36b38740: 00 02 00 00 01 00 00 00 d0 f7 87 ad ff ff ff ff  ................
[521120.732776] Object ffff880f36b38750: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[521120.733640] Object ffff880f36b38760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[521120.734508] Object ffff880f36b38770: 01 00 03 00 01 00 00 00 88 87 b3 36 0f 88 ff ff  ...........6....
[521120.735385] Object ffff880f36b38780: 00 73 22 ad 02 88 ff ff 40 13 e0 3c 00 ea ff ff  .s".....@..<....
[521120.736667] Object ffff880f36b38790: 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00  ................
[521120.737596] Object ffff880f36b387a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[521120.738524] Object ffff880f36b387b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[521120.739388] Object ffff880f36b387c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[521120.740277] Object ffff880f36b387d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[521120.741187] Object ffff880f36b387e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[521120.742233] Object ffff880f36b387f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[521120.743229] CPU: 41 PID: 9644 Comm: mount.ocfs2 Tainted: G    B           4.2.0-rc6-next-20150810-sasha-00039-gf909086 #2420
[521120.744274]  ffff880f36b38000 ffff880d89c8f638 ffffffffb6e9ba8a ffff880101c0e5c0
[521120.745025]  ffff880d89c8f668 ffffffffad76a313 ffff880101c0e5c0 ffffea003cdace00
[521120.745908]  ffff880f36b38700 ffff880f36b38798 ffff880d89c8f690 ffffffffad772854
[521120.747063] Call Trace:
[521120.747520] dump_stack (lib/dump_stack.c:52)
[521120.748053] print_trailer (mm/slub.c:653)
[521120.748582] object_err (mm/slub.c:660)
[521120.749079] kasan_report_error (include/linux/kasan.h:20 mm/kasan/report.c:152 mm/kasan/report.c:194)
[521120.750834] __asan_report_load4_noabort (mm/kasan/report.c:250)
[521120.753580] dio_bio_complete (fs/direct-io.c:478)
[521120.755752] do_blockdev_direct_IO (fs/direct-io.c:494 fs/direct-io.c:1291)
[521120.759765] __blockdev_direct_IO (fs/direct-io.c:1322)
[521120.761658] blkdev_direct_IO (fs/block_dev.c:162)
[521120.762993] generic_file_read_iter (mm/filemap.c:1738)
[521120.767405] blkdev_read_iter (fs/block_dev.c:1649)
[521120.768556] __vfs_read (fs/read_write.c:423 fs/read_write.c:434)
[521120.772126] vfs_read (fs/read_write.c:454)
[521120.773118] SyS_pread64 (fs/read_write.c:607 fs/read_write.c:594)
[521120.776062] entry_SYSCALL_64_fastpath (arch/x86/entry/entry_64.S:186)
[521120.777375] Memory state around the buggy address:
[521120.778118]  ffff880f36b38600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[521120.779211]  ffff880f36b38680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[521120.780315] >ffff880f36b38700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[521120.781465]                          ^
[521120.782083]  ffff880f36b38780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[521120.783717]  ffff880f36b38800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[521120.784818] ==================================================================

This patch fixes a few of those places that I caught while auditing the patch, but the
original patch should be audited further for more occurences of this issue since I'm
not too familiar with the code.

Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
2015-08-11 11:34:32 -06:00
..
accessibility
acpi Merge branches 'pm-cpuidle', 'pm-cpufreq' and 'acpi-resources' 2015-07-16 23:47:19 +02:00
amba
android
ata ata: ahci_platform: Add ACPI _CLS matching 2015-07-07 01:55:21 +02:00
atm
auxdisplay
base Fix firmware loader uevent buffer NULL pointer dereference 2015-07-09 11:20:01 -07:00
bcma
block block: add a bi_error field to struct bio 2015-07-29 08:55:15 -06:00
bluetooth
bus
cdrom
char Merge tag 'tpm-fixes-for-4.2-rc2' of https://github.com/PeterHuewe/linux-tpmdd into for-linus 2015-07-15 21:46:59 +10:00
clk A small set of fixes for problems found by smatch in new drivers 2015-07-11 11:08:21 -07:00
clocksource clocksource/imx: Define clocksource for mx27 2015-07-07 10:44:45 +02:00
connector
cpufreq Merge branches 'pm-cpuidle', 'pm-cpufreq' and 'acpi-resources' 2015-07-16 23:47:19 +02:00
cpuidle suspend-to-idle: Prevent RCU from complaining about tick_freeze() 2015-07-09 22:59:49 +02:00
crypto crypto: nx - Fix reentrancy bugs 2015-07-08 15:14:13 +08:00
dca
devfreq
dio
dma Merge branch 'akpm' (patches from Andrew) 2015-07-01 17:47:51 -07:00
dma-buf
edac A build fix for octeon_edac from Aaro Koskinen. 2015-07-03 12:10:12 -07:00
eisa
extcon
firewire
firmware Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2015-07-03 15:20:57 -07:00
fmc
gpio Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-07-01 15:19:35 -07:00
gpu Revert "drm/i915: Use crtc_state->active in primary check_plane func" 2015-07-12 15:00:20 -07:00
hid
hsi Fix up implicit <module.h> users that will break later. 2015-07-02 10:25:22 -07:00
hv
hwmon hwmon: (w83627ehf) Use swap() in w82627ehf_swap_tempreg() 2015-07-03 14:39:06 +02:00
hwspinlock hwspinlock: qcom: Correct msb in regmap_field 2015-07-01 16:15:05 +03:00
hwtracing/coresight
i2c i2c: Mark instantiated device nodes with OF_POPULATE 2015-07-09 22:25:54 +02:00
ide Minor merge needed, due to function move. 2015-07-01 10:49:25 -07:00
idle
iio
infiniband IB/core: Destroy ocrdma_dev_id IDR on module exit 2015-07-14 13:20:16 -04:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2015-07-11 11:16:04 -07:00
iommu IOMMU Fixes for Linux v4.2-rc0 2015-07-01 14:44:22 -07:00
ipack
irqchip Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2015-07-12 13:55:24 -07:00
isdn
leds Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds 2015-07-01 19:09:11 -07:00
lguest
macintosh
mailbox Replace module_init with appropriate alternate initcall in non modules. 2015-07-02 10:36:29 -07:00
mcb
md block: don't access bio->bi_error after bio_put() 2015-08-11 11:34:32 -06:00
media Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds 2015-07-01 19:09:11 -07:00
memory Merge branch 'fixes-rc1' into omap-for-v4.2/fixes 2015-07-06 05:33:17 -07:00
memstick memstick: remove deprecated use of pci api 2015-06-30 19:44:57 -07:00
message
mfd Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-07-01 15:19:35 -07:00
misc powerpc fixes for 4.2 2015-07-10 12:16:59 -07:00
mmc block: have drivers use blk_queue_max_discard_sectors() 2015-07-17 08:41:53 -06:00
mtd block: have drivers use blk_queue_max_discard_sectors() 2015-07-17 08:41:53 -06:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-07-13 11:18:25 -07:00
nfc
ntb NTB: Add split BAR output for debugfs stats 2015-07-04 14:09:32 -04:00
nubus
nvdimm block: add a bi_error field to struct bio 2015-07-29 08:55:15 -06:00
of Devicetree changes for v4.2 2015-07-01 19:40:18 -07:00
oprofile
parisc
parport
pci Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-07-01 15:19:35 -07:00
pcmcia Fix up implicit <module.h> users that will break later. 2015-07-02 10:25:22 -07:00
phy
pinctrl Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-07-01 15:19:35 -07:00
platform intel_scu_ipc: move local memory initialization out of a mutex 2015-07-14 11:02:44 -07:00
pnp ACPI / PNP: Reserve ACPI resources at the fs_initcall_sync stage 2015-07-06 23:52:21 +02:00
power Replace module_platform_driver with builtin_platform driver in non modules. 2015-07-02 10:42:13 -07:00
powercap
pps
ps3
ptp
pwm
rapidio
ras
regulator Fix up implicit <module.h> users that will break later. 2015-07-02 10:25:22 -07:00
remoteproc
reset
rpmsg
rtc
s390 block: add a bi_error field to struct bio 2015-07-29 08:55:15 -06:00
sbus
scsi block: have drivers use blk_queue_max_discard_sectors() 2015-07-17 08:41:53 -06:00
sfi
sh Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-07-01 15:19:35 -07:00
sn
soc ARM: SoC: late fixes and dependencies 2015-07-02 14:40:49 -07:00
spi
spmi
ssb
staging
target block: add a bi_error field to struct bio 2015-07-29 08:55:15 -06:00
tc
thermal Minor merge needed, due to function move. 2015-07-01 10:49:25 -07:00
thunderbolt
tty ARM: SoC: late fixes and dependencies 2015-07-02 14:40:49 -07:00
uio
usb Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-07-04 19:36:06 -07:00
uwb
vfio
vhost Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-07-04 14:13:43 -07:00
video stifb: Implement hardware accelerated copyarea 2015-07-10 21:44:19 +02:00
virt
virtio virtio/vhost: cross endian support 2015-07-03 16:02:25 -07:00
vlynq
vme
w1
watchdog Merge git://www.linux-watchdog.org/linux-watchdog 2015-07-01 19:33:16 -07:00
xen Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-07-04 14:13:43 -07:00
zorro
Kconfig
Makefile The libnvdimm sub-system introduces, in addition to the libnvdimm-core, 2015-06-29 10:34:42 -07:00