android/android_kernel_samsung_sm8650
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3176160c22
android_kernel_samsung_sm8650/drivers/md
History
Markus Weippert 0b48970ce1 bcache: revert replacing IS_ERR_OR_NULL with IS_ERR 
commit bb6cc253861bd5a7cf8439e2118659696df9619f upstream.

Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check in
node allocations") replaced IS_ERR_OR_NULL by IS_ERR. This leads to a
NULL pointer dereference.

BUG: kernel NULL pointer dereference, address: 0000000000000080
Call Trace:
 ? __die_body.cold+0x1a/0x1f
 ? page_fault_oops+0xd2/0x2b0
 ? exc_page_fault+0x70/0x170
 ? asm_exc_page_fault+0x22/0x30
 ? btree_node_free+0xf/0x160 [bcache]
 ? up_write+0x32/0x60
 btree_gc_coalesce+0x2aa/0x890 [bcache]
 ? bch_extent_bad+0x70/0x170 [bcache]
 btree_gc_recurse+0x130/0x390 [bcache]
 ? btree_gc_mark_node+0x72/0x230 [bcache]
 bch_btree_gc+0x5da/0x600 [bcache]
 ? cpuusage_read+0x10/0x10
 ? bch_btree_gc+0x600/0x600 [bcache]
 bch_gc_thread+0x135/0x180 [bcache]

The relevant code starts with:

    new_nodes[0] = NULL;

    for (i = 0; i < nodes; i++) {
        if (__bch_keylist_realloc(&keylist, bkey_u64s(&r[i].b->key)))
            goto out_nocoalesce;
    // ...
out_nocoalesce:
    // ...
    for (i = 0; i < nodes; i++)
        if (!IS_ERR(new_nodes[i])) {  // IS_ERR_OR_NULL before
028ddcac477b
            btree_node_free(new_nodes[i]);  // new_nodes[0] is NULL
            rw_unlock(true, new_nodes[i]);
        }

This patch replaces IS_ERR() by IS_ERR_OR_NULL() to fix this.

Fixes: 028ddcac477b ("bcache: Remove unnecessary NULL point check in node allocations")
Link: https://lore.kernel.org/all/3DF4A87A-2AC1-4893-AE5F-E921478419A9@suse.de/
Cc: stable@vger.kernel.org
Cc: Zheng Wang <zyytlz.wz@163.com>
Cc: Coly Li <colyli@suse.de>
Signed-off-by: Markus Weippert <markus@gekmihesg.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-12-08 08:51:15 +01:00
..
bcache bcache: revert replacing IS_ERR_OR_NULL with IS_ERR 2023-12-08 08:51:15 +01:00
persistent-data dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-audit.c dm: introduce audit event module for device mapper 2021-10-27 16:53:47 -04:00
dm-audit.h dm: introduce audit event module for device mapper 2021-10-27 16:53:47 -04:00
dm-bio-prison-v1.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-bio-prison-v1.h
dm-bio-prison-v2.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-bio-prison-v2.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-bio-record.h block: move integrity handling out of <linux/blkdev.h> 2021-10-18 06:17:02 -06:00
dm-bufio.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-builtin.c
dm-cache-background-tracker.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-cache-background-tracker.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-cache-block-types.h
dm-cache-metadata.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-cache-metadata.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-cache-policy-internal.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-cache-policy-smq.c dm cache policy smq: ensure IO doesn't prevent cleaner policy progress 2023-08-03 10:24:17 +02:00
dm-cache-policy.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-cache-policy.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-cache-target.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-clone-metadata.c dm clone metadata: remove unused function 2021-04-19 13:20:31 -04:00
dm-clone-metadata.h dm clone metadata: Fix return type of dm_clone_nr_of_hydrated_regions() 2020-03-27 14:42:51 -04:00
dm-clone-target.c dm clone: call kmem_cache_destroy() in dm_clone_init() error path 2023-05-11 23:03:41 +09:00
dm-core.h dm: fix a race condition in retrieve_deps 2023-10-06 14:56:32 +02:00
dm-crypt.c dm: avoid split of quoted strings where possible 2023-07-19 16:22:07 +02:00
dm-delay.c dm-delay: fix a race between delay_presuspend and delay_bio 2023-12-03 07:32:11 +01:00
dm-dust.c dm: use bdev_nr_sectors and bdev_nr_bytes instead of open coding them 2021-10-18 14:43:22 -06:00
dm-ebs-target.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-era-target.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-exception-store.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-exception-store.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-flakey.c dm flakey: fix a crash with invalid table line 2023-05-11 23:03:41 +09:00
dm-ima.c dm table: audit all dm_table_get_target() callers 2022-07-07 11:49:34 -04:00
dm-ima.h dm ima: add version info to dm related events in ima log 2021-08-20 15:59:47 -04:00
dm-init.c dm init: add dm-mod.waitfor to wait for asynchronously probed block devices 2023-07-23 13:49:38 +02:00
dm-integrity.c dm integrity: reduce vmalloc space footprint on 32-bit architectures 2023-07-23 13:49:35 +02:00
dm-io-rewind.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-io-tracker.h dm writecache: make writeback pause configurable 2021-06-28 16:30:13 -04:00
dm-io.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-ioctl.c dm: fix a race condition in retrieve_deps 2023-10-06 14:56:32 +02:00
dm-kcopyd.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-linear.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-log-userspace-base.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-log-userspace-transfer.c dm: avoid split of quoted strings where possible 2023-07-19 16:22:07 +02:00
dm-log-userspace-transfer.h
dm-log-writes.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-log.c dm: avoid split of quoted strings where possible 2023-07-19 16:22:07 +02:00
dm-mpath.c dm: fix undue/missing spaces 2023-07-19 16:22:07 +02:00
dm-mpath.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-path-selector.c
dm-path-selector.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-ps-historical-service-time.c dm mpath: provide high-resolution timer to HST for bio-based 2022-05-09 15:39:23 -04:00
dm-ps-io-affinity.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-ps-queue-length.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-ps-round-robin.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-ps-service-time.c dm: fix undue/missing spaces 2023-07-19 16:22:07 +02:00
dm-raid1.c dm: avoid split of quoted strings where possible 2023-07-19 16:22:07 +02:00
dm-raid.c dm raid: protect md_stop() with 'reconfig_mutex' 2023-08-03 10:24:05 +02:00
dm-region-hash.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-rq.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-rq.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-snap-persistent.c dm: avoid split of quoted strings where possible 2023-07-19 16:22:07 +02:00
dm-snap-transient.c dm: avoid split of quoted strings where possible 2023-07-19 16:22:07 +02:00
dm-snap.c dm: avoid split of quoted strings where possible 2023-07-19 16:22:07 +02:00
dm-stats.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-stats.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-stripe.c dm: avoid split of quoted strings where possible 2023-07-19 16:22:07 +02:00
dm-switch.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-sysfs.c dm sysfs: use default_groups in kobj_type 2022-01-06 09:48:55 -05:00
dm-table.c dm: fix a race condition in retrieve_deps 2023-10-06 14:56:32 +02:00
dm-target.c dax: introduce DAX_RECOVERY_WRITE dax access mode 2022-05-16 13:35:56 -07:00
dm-thin-metadata.c dm: avoid split of quoted strings where possible 2023-07-19 16:22:07 +02:00
dm-thin-metadata.h dm thin metadata: remove unused dm_thin_remove_block and __remove 2022-02-22 13:55:50 -05:00
dm-thin.c dm thin: fix issue_discard to pass GFP_NOIO to __blkdev_issue_discard 2023-06-21 16:00:55 +02:00
dm-uevent.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-uevent.h dm: fix undue/missing spaces 2023-07-19 16:22:07 +02:00
dm-unstripe.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-verity-fec.c dm-verity: align struct dm_verity_fec_io properly 2023-12-08 08:51:14 +01:00
dm-verity-fec.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-verity-loadpin.c dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter 2023-07-23 13:49:43 +02:00
dm-verity-target.c dm verity: don't perform FEC for failed readahead IO 2023-12-08 08:51:14 +01:00
dm-verity-verify-sig.c dm verity: fix require_signatures module_param permissions 2021-05-25 16:14:05 -04:00
dm-verity-verify-sig.h dm verity: Fix compilation warning 2020-08-04 15:48:13 -04:00
dm-verity.h dm-verity: align struct dm_verity_fec_io properly 2023-12-08 08:51:14 +01:00
dm-writecache.c dm: fix undue/missing spaces 2023-07-19 16:22:07 +02:00
dm-zero.c dm: add support for REQ_NOWAIT to various targets 2020-12-04 18:04:35 -05:00
dm-zone.c - Refactor DM core's mempool allocation so that it clearer by not 2022-08-02 14:21:25 -07:00
dm-zoned-metadata.c dm: avoid split of quoted strings where possible 2023-07-19 16:22:07 +02:00
dm-zoned-reclaim.c dm kcopyd: avoid useless atomic operations 2021-06-04 12:07:24 -04:00
dm-zoned-target.c dm zoned: free dmz->ddev array in dmz_put_zoned_devices 2023-10-10 22:00:44 +02:00
dm-zoned.h dm/dm-zoned: Use the enum req_op type 2022-07-14 12:14:31 -06:00
dm.c dm: don't attempt to queue IO under RCU protection 2023-09-23 11:11:10 +02:00
dm.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
Kconfig md: select BLOCK_LEGACY_AUTOLOAD 2023-03-22 13:33:58 +01:00
Makefile hardening updates for v5.20-rc1 2022-08-02 14:38:59 -07:00
md-autodetect.c md: return the allocated devices from md_alloc 2022-08-02 17:22:46 -06:00
md-bitmap.c md/md-bitmap: hold 'reconfig_mutex' in backlog_store() 2023-09-13 09:42:41 +02:00
md-bitmap.h md/raid1-10: submit write io directly if bitmap is not enabled 2023-07-19 16:20:58 +02:00
md-cluster.c fs: dlm: remove DLM_LSFL_FS from uapi 2022-08-23 14:54:54 -05:00
md-cluster.h md-cluster: introduce resync_info_get interface for sanity check 2018-10-18 09:36:35 -07:00
md-faulty.c block: pass a block_device to bio_clone_fast 2022-02-04 07:43:18 -07:00
md-linear.c md: add error_handlers for raid0 and linear 2023-09-13 09:42:44 +02:00
md-linear.h md/raid1: Replace zero-length array with flexible-array 2020-05-13 12:02:23 -07:00
md-multipath.c md: remove most calls to bdevname 2022-05-22 23:07:21 -07:00
md-multipath.h
md.c md: fix bi_status reporting in md_end_clone_io 2023-12-03 07:32:11 +01:00
md.h md: add error_handlers for raid0 and linear 2023-09-13 09:42:44 +02:00
raid0.c md: raid0: account for split bio in iostat accounting 2023-09-13 09:42:44 +02:00
raid0.h md/raid0: add discard support for the 'original' layout 2023-07-23 13:49:37 +02:00
raid1-10.c md/raid1-10: fix casting from randomized structure in raid1_submit_write() 2023-07-19 16:21:45 +02:00
raid1.c md/raid1: fix error: ISO C90 forbids mixed declarations 2023-09-23 11:11:09 +02:00
raid1.h md: raid1/raid10: drop pending_cnt 2022-03-08 15:16:54 -08:00
raid5-cache.c md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid() 2023-09-13 09:42:44 +02:00
raid5-log.h md/raid5-ppl: Drop unused argument from ppl_handle_flush_request() 2022-08-02 17:14:31 -06:00
raid5-ppl.c md/raid5-ppl: Drop unused argument from ppl_handle_flush_request() 2022-08-02 17:14:31 -06:00
raid5.c md/raid5: release batch_last before waiting for another stripe_head 2023-10-10 22:00:38 +02:00
raid5.h md/raid5: Cleanup prototype of raid5_get_active_stripe() 2022-09-22 00:05:04 -07:00
raid10.c md/raid10: use dereference_rdev_and_rrdev() to get devices 2023-09-13 09:42:41 +02:00
raid10.h md/raid10: convert resync_lock to use seqlock 2022-09-22 00:05:05 -07:00