alistair23-linux/drivers
Mikulas Patocka a207f59376 block: fix a probe argument to blk_register_region
The probe function is supposed to return NULL on failure (as we can see in
kobj_lookup: kobj = probe(dev, index, data); ... if (kobj) return kobj;

However, in loop and brd, it returns negative error from ERR_PTR.

This causes a crash if we simulate disk allocation failure and run
less -f /dev/loop0 because the negative number is interpreted as a pointer:

BUG: unable to handle kernel NULL pointer dereference at 00000000000002b4
IP: [<ffffffff8118b188>] __blkdev_get+0x28/0x450
PGD 23c677067 PUD 23d6d1067 PMD 0
Oops: 0000 [#1] PREEMPT SMP
Modules linked in: loop hpfs nvidia(PO) ip6table_filter ip6_tables uvesafb cfbcopyarea cfbimgblt cfbfillrect fbcon font bitblit fbcon_rotate fbcon_cw fbcon_ud fbcon_ccw softcursor fb fbdev msr ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 xt_state ipt_REJECT xt_tcpudp iptable_filter ip_tables x_tables bridge stp llc tun ipv6 cpufreq_stats cpufreq_ondemand cpufreq_userspace cpufreq_powersave cpufreq_conservative hid_generic spadfs usbhid hid fuse raid0 snd_usb_audio snd_pcm_oss snd_mixer_oss md_mod snd_pcm snd_timer snd_page_alloc snd_hwdep snd_usbmidi_lib dmi_sysfs snd_rawmidi nf_nat_ftp nf_nat nf_conntrack_ftp nf_conntrack snd soundcore lm85 hwmon_vid ohci_hcd ehci_pci ehci_hcd serverworks sata_svw libata acpi_cpufreq freq_table mperf ide_core usbcore kvm_amd kvm tg3 i2c_piix4 libphy microcode e100 usb_common ptp skge i2c_core pcspkr k10temp evdev floppy hwmon pps_core mii rtc_cmos button processor unix [last unloaded: nvidia]
CPU: 1 PID: 6831 Comm: less Tainted: P        W  O 3.10.15-devel #18
Hardware name: empty empty/S3992-E, BIOS 'V1.06   ' 06/09/2009
task: ffff880203cc6bc0 ti: ffff88023e47c000 task.ti: ffff88023e47c000
RIP: 0010:[<ffffffff8118b188>]  [<ffffffff8118b188>] __blkdev_get+0x28/0x450
RSP: 0018:ffff88023e47dbd8  EFLAGS: 00010286
RAX: ffffffffffffff74 RBX: ffffffffffffff74 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
RBP: ffff88023e47dc18 R08: 0000000000000002 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88023f519658
R13: ffffffff8118c300 R14: 0000000000000000 R15: ffff88023f519640
FS:  00007f2070bf7700(0000) GS:ffff880247400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000002b4 CR3: 000000023da1d000 CR4: 00000000000007e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Stack:
 0000000000000002 0000001d00000000 000000003e47dc50 ffff88023f519640
 ffff88043d5bb668 ffffffff8118c300 ffff88023d683550 ffff88023e47de60
 ffff88023e47dc98 ffffffff8118c10d 0000001d81605698 0000000000000292
Call Trace:
 [<ffffffff8118c300>] ? blkdev_get_by_dev+0x60/0x60
 [<ffffffff8118c10d>] blkdev_get+0x1dd/0x370
 [<ffffffff8118c300>] ? blkdev_get_by_dev+0x60/0x60
 [<ffffffff813cea6c>] ? _raw_spin_unlock+0x2c/0x50
 [<ffffffff8118c300>] ? blkdev_get_by_dev+0x60/0x60
 [<ffffffff8118c365>] blkdev_open+0x65/0x80
 [<ffffffff8114d12e>] do_dentry_open.isra.18+0x23e/0x2f0
 [<ffffffff8114d214>] finish_open+0x34/0x50
 [<ffffffff8115e122>] do_last.isra.62+0x2d2/0xc50
 [<ffffffff8115eb58>] path_openat.isra.63+0xb8/0x4d0
 [<ffffffff81115a8e>] ? might_fault+0x4e/0xa0
 [<ffffffff8115f4f0>] do_filp_open+0x40/0x90
 [<ffffffff813cea6c>] ? _raw_spin_unlock+0x2c/0x50
 [<ffffffff8116db85>] ? __alloc_fd+0xa5/0x1f0
 [<ffffffff8114e45f>] do_sys_open+0xef/0x1d0
 [<ffffffff8114e559>] SyS_open+0x19/0x20
 [<ffffffff813cff16>] system_call_fastpath+0x1a/0x1f
Code: 44 00 00 55 48 89 e5 41 57 49 89 ff 41 56 41 89 d6 41 55 41 54 4c 8d 67 18 53 48 83 ec 18 89 75 cc e9 f2 00 00 00 0f 1f 44 00 00 <48> 8b 80 40 03 00 00 48 89 df 4c 8b 68 58 e8 d5
a4 07 00 44 89
RIP  [<ffffffff8118b188>] __blkdev_get+0x28/0x450
 RSP <ffff88023e47dbd8>
CR2: 00000000000002b4
---[ end trace bb7f32dbf02398dc ]---

The brd change should be backported to stable kernels starting with 2.6.25.
The loop change should be backported to stable kernels starting with 2.6.22.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Acked-by: Tejun Heo <tj@kernel.org>
Cc: stable@kernel.org	# 2.6.22+
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2013-11-08 08:59:39 -07:00
..
accessibility
acpi ACPI / PM: Drop two functions that are not used any more 2013-10-17 15:44:48 +02:00
amba
ata Merge branch 'for-3.12-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata 2013-10-22 08:21:34 +01:00
atm atm: nicstar: fix regression made by previous patch 2013-09-15 22:18:55 -04:00
auxdisplay
base driver core: Release device_hotplug_lock when store_mem_state returns EINVAL 2013-10-16 18:42:41 -07:00
bcma bcma: make bcma_core_pci_{up,down}() callable from atomic context 2013-09-26 14:02:33 -04:00
block block: fix a probe argument to blk_register_region 2013-11-08 08:59:39 -07:00
bluetooth Bluetooth: btusb: Add support for Belkin F8065bf 2013-09-23 17:44:25 -03:00
bus bus: mvebu-mbus: Fix optional pcie-mem/io-aperture properties 2013-10-01 17:04:17 +00:00
cdrom
char A small fix for Xen on x86_32 and a build fix for xen-tpmfront on arm64. 2013-10-15 16:22:11 -07:00
clk clk: fixup argument order when setting VCO parameters 2013-10-07 23:01:07 -07:00
clocksource clocksource: em_sti: Set cpu_possible_mask to fix SMP broadcast 2013-09-26 02:31:04 +02:00
connector connector: use 'size' everywhere in cn_netlink_send() 2013-10-02 16:03:50 -04:00
cpufreq acpi-cpufreq: Fail initialization if driver cannot be registered 2013-10-25 16:22:47 +02:00
cpuidle ACPI and power management fixes for 3.12-rc1 2013-09-12 11:22:45 -07:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux 2013-09-07 12:53:35 +10:00
dca
devfreq
dio
dma dmaengine: edma: fix another memory leak 2013-10-24 22:17:50 +05:30
edac Merge git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile 2013-09-06 11:14:33 -07:00
eisa
extcon Driver core patches for 3.12-rc1 2013-09-03 11:37:15 -07:00
firewire
firmware firmware/dmi_scan: drop OOM messages 2013-09-11 15:58:51 -07:00
fmc
gpio gpiolib: let gpiod_request() return -EPROBE_DEFER 2013-10-11 16:31:54 +02:00
gpu i915: fix compiler warning 2013-10-31 15:28:23 -07:00
hid HID: wiimote: add LEGO-wiimote VID 2013-10-21 13:39:37 +02:00
hsi
hv Revert "Drivers: hv: vmbus: Fix a bug in channel rescind code" 2013-10-17 09:30:10 -07:00
hwmon hwmon: (applesmc) Always read until end of data 2013-10-09 09:48:55 -07:00
hwspinlock
i2c i2c: i2c-mux-pinctrl: use deferred probe when adapter not found 2013-10-10 10:22:35 +02:00
ide ide: sgiioc4: Staticize ioc4_ide_attach_one() 2013-09-05 15:21:30 -04:00
idle
iio iio:buffer: Free active scan mask in iio_disable_all_buffers() 2013-10-15 19:26:43 +01:00
infiniband Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2013-10-27 10:16:33 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2013-10-31 10:38:59 -07:00
iommu x86, build, pci: Fix PCI_MSI build on !SMP 2013-10-04 10:43:34 -07:00
ipack
irqchip ARM: SoC late changes for v3.12 2013-09-09 16:35:29 -07:00
isdn isdn: hfcpci_softirq: get func return to suppress compiler warning 2013-09-15 22:27:04 -04:00
leds Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds 2013-09-12 11:35:33 -07:00
lguest lguest: fix guest kernel stack overflow when TF bit set. 2013-09-06 08:09:27 +09:30
macintosh
mailbox mailbox: remove unnecessary platform_set_drvdata() 2013-09-18 12:02:00 -07:00
md raid5: avoid finding "discard" stripe 2013-10-24 13:00:24 +11:00
media [media] saa7134: Fix crash when device is closed before streamoff 2013-10-14 06:37:00 -03:00
memory ARM: SoC platform changes for 3.12 2013-09-06 13:30:06 -07:00
memstick memstick: add support for legacy memorysticks 2013-09-11 15:59:35 -07:00
message
mfd Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
misc mei: cancel stall timers in mei_reset 2013-09-26 13:56:53 -07:00
mmc ARM: shmobile: update SDHI DT compatibility string to the <unit>-<soc> format 2013-09-21 09:55:32 -07:00
mtd mtd: gpmi: fix ECC regression 2013-10-25 10:09:43 -07:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-10-23 07:47:42 +01:00
nfc
ntb ntb: clean up unnecessary MSI/MSI-X capability find 2013-09-05 11:08:01 -07:00
nubus
of Revert "drivers: of: add initialization code for dma reserved memory" 2013-10-15 09:26:07 +01:00
oprofile oprofile: get rid of pointless forward declarations of struct super_block 2013-09-03 22:52:48 -04:00
parisc PCI changes for the v3.12 merge window: 2013-09-03 16:24:35 -07:00
parport
pci Revert "ACPI / hotplug / PCI: Avoid doing too much for spurious notifies" 2013-10-30 15:28:52 +01:00
pcmcia
pinctrl pinctrl: palmas: do not abort pin configuration for BIAS_DEFAULT 2013-09-27 16:22:43 +02:00
platform platform/x86: fix asus-wmi build error 2013-10-23 07:57:57 +01:00
pnp pnp: change pnp bus pm_ops to invoke pnp driver dev_pm_ops if specified 2013-09-11 15:58:15 -07:00
power Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
pps Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
ps3
ptp
pwm ARM: SoC cleanups for 3.12 2013-09-06 13:21:16 -07:00
rapidio
regulator Merge remote-tracking branch 'regulator/fix/wm8350' into regulator-linus 2013-09-30 12:04:33 +01:00
remoteproc
reset
rpmsg
rtc rtc: simplify devm_request_mem_region/devm_ioremap 2013-09-11 15:58:59 -07:00
s390 s390/time: correct use of store clock fast 2013-10-22 09:16:40 +02:00
sbus
scsi aacraid: missing capable() check in compat ioctl 2013-10-30 12:24:49 -07:00
sfi
sh
sn
spi Merge remote-tracking branch 'spi/fix/s3c64xx' into spi-linus 2013-10-07 14:51:59 +01:00
ssb
staging Staging: sb105x: info leak in mp_get_count() 2013-10-30 12:24:50 -07:00
target target/pscsi: fix return value check 2013-10-25 10:42:09 -07:00
tc
thermal Merge branch 'x86_pkg_temp' of .git into for-rc 2013-10-21 11:26:45 +08:00
tty tty/serial: at91: fix uart/usart selection for older products 2013-10-17 13:27:24 -07:00
uio Fix a few incorrectly checked [io_]remap_pfn_range() calls 2013-10-29 10:21:34 -07:00
usb USB: serial: ftdi_sio: add id for Z3X Box device 2013-11-01 09:33:56 -07:00
uwb
vfio VFIO: vfio_iommu_type1: fix bug caused by break in nested loop 2013-10-11 10:40:46 -06:00
vhost vhost/scsi: Fix incorrect usage of get_user_pages_fast write parameter 2013-10-25 11:03:34 -07:00
video Fix a few incorrectly checked [io_]remap_pfn_range() calls 2013-10-29 10:21:34 -07:00
virt
virtio virtio_pci: pm: Use CONFIG_PM_SLEEP instead of CONFIG_PM 2013-09-09 10:02:53 +09:30
vlynq
vme
w1 w1 - call request_module with w1 master mutex unlocked 2013-10-07 00:12:14 -07:00
watchdog watchdog: sunxi: Fix section mismatch 2013-10-13 20:02:03 +02:00
xen Bug-fixes: 2013-09-25 15:50:53 -07:00
zorro
Kconfig
Makefile