linux/block
Chengming Zhou 6be6d11241 blk-mq: fix tags UAF when shrinking q->nr_hw_queues
When nr_hw_queues shrinks, we free the excess tags before realloc'ing
hw_ctxs for each queue. During that resize, we may need to access those
tags, like blk_mq_tag_idle(hctx) will access queue shared tags.

This can cause a slab use-after-free, as reported by KASAN. Fix it by
moving the releasing of excess tags to the end.

Fixes: e1dd7bc930 ("blk-mq: fix tags leak when shrink nr_hw_queues")
Reported-by: Yi Zhang <yi.zhang@redhat.com>
Closes: https://lore.kernel.org/all/CAHj4cs_CK63uoDpGBGZ6DN4OCTpzkR3UaVgK=LX8Owr8ej2ieQ@mail.gmail.com/
Cc: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Chengming Zhou <zhouchengming@bytedance.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Link: https://lore.kernel.org/r/20230908005702.2183908-1-chengming.zhou@linux.dev
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2023-09-11 16:17:34 -06:00
partitions for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
Kconfig block: sed-opal: keyring support for SED keys 2023-08-22 11:10:26 -06:00
Kconfig.iosched
Makefile
badblocks.c
bdev.c New code for 6.6: 2023-08-23 13:06:55 +02:00
bfq-cgroup.c
bfq-iosched.c
bfq-iosched.h
bfq-wf2q.c
bio-integrity.c
bio.c
blk-cgroup-fc-appid.c
blk-cgroup-rwstat.c
blk-cgroup-rwstat.h
blk-cgroup.c for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
blk-cgroup.h
blk-core.c for-6.6/block-2023-08-28 2023-08-29 20:21:42 -07:00
blk-crypto-fallback.c
blk-crypto-internal.h
blk-crypto-profile.c
blk-crypto-sysfs.c
blk-crypto.c
blk-flush.c
blk-ia-ranges.c
blk-integrity.c
blk-ioc.c
blk-iocost.c
blk-iolatency.c
blk-ioprio.c
blk-ioprio.h
blk-lib.c
blk-map.c block: fix pin count management when merging same-page segments 2023-09-06 07:32:27 -06:00
blk-merge.c
blk-mq-cpumap.c
blk-mq-debugfs-zoned.c
blk-mq-debugfs.c
blk-mq-debugfs.h
blk-mq-pci.c
blk-mq-sched.c
blk-mq-sched.h
blk-mq-sysfs.c
blk-mq-tag.c
blk-mq-virtio.c
blk-mq.c blk-mq: fix tags UAF when shrinking q->nr_hw_queues 2023-09-11 16:17:34 -06:00
blk-mq.h
blk-pm.c
blk-pm.h
blk-rq-qos.c
blk-rq-qos.h
blk-settings.c
blk-stat.c
blk-stat.h
blk-sysfs.c
blk-throttle.c blk-throttle: consider 'carryover_ios/bytes' in throtl_trim_slice() 2023-08-30 10:15:01 -06:00
blk-throttle.h blk-throttle: print signed value 'carryover_bytes/ios' for user 2023-08-30 10:15:01 -06:00
blk-timeout.c
blk-wbt.c
blk-wbt.h
blk-zoned.c
blk.h
bounce.c
bsg-lib.c
bsg.c
disk-events.c block: consolidate __invalidate_device and fsync_bdev 2023-08-21 14:35:31 +02:00
early-lookup.c
elevator.c
elevator.h
fops.c block: remove the call to file_remove_privs in blkdev_write_iter 2023-08-31 08:00:23 -06:00
genhd.c block: call into the file system for bdev_mark_dead 2023-08-21 14:35:32 +02:00
holder.c
ioctl.c block: don't add or resize partition on the disk with GENHD_FL_NO_PART 2023-08-31 08:00:35 -06:00
ioprio.c
kyber-iosched.c
mq-deadline.c
opal_proto.h block: sed-opal: Implement IOC_OPAL_REVERT_LSP 2023-08-22 11:10:26 -06:00
sed-opal.c block: sed-opal: keyring support for SED keys 2023-08-22 11:10:26 -06:00
t10-pi.c