redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/drivers
History
Logan Gunthorpe 6e304262e3 nvme-multipath: Fix memory leak with ana_log_buf 
commit 3b7830904e upstream.

kmemleak reports a memory leak with the ana_log_buf allocated by
nvme_mpath_init():

unreferenced object 0xffff888120e94000 (size 8208):
  comm "nvme", pid 6884, jiffies 4295020435 (age 78786.312s)
    hex dump (first 32 bytes):
      00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
      01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00  ................
    backtrace:
      [<00000000e2360188>] kmalloc_order+0x97/0xc0
      [<0000000079b18dd4>] kmalloc_order_trace+0x24/0x100
      [<00000000f50c0406>] __kmalloc+0x24c/0x2d0
      [<00000000f31a10b9>] nvme_mpath_init+0x23c/0x2b0
      [<000000005802589e>] nvme_init_identify+0x75f/0x1600
      [<0000000058ef911b>] nvme_loop_configure_admin_queue+0x26d/0x280
      [<00000000673774b9>] nvme_loop_create_ctrl+0x2a7/0x710
      [<00000000f1c7a233>] nvmf_dev_write+0xc66/0x10b9
      [<000000004199f8d0>] __vfs_write+0x50/0xa0
      [<0000000065466fef>] vfs_write+0xf3/0x280
      [<00000000b0db9a8b>] ksys_write+0xc6/0x160
      [<0000000082156b91>] __x64_sys_write+0x43/0x50
      [<00000000c34fbb6d>] do_syscall_64+0x77/0x2f0
      [<00000000bbc574c9>] entry_SYSCALL_64_after_hwframe+0x49/0xbe

nvme_mpath_init() is called by nvme_init_identify() which is called in
multiple places (nvme_reset_work(), nvme_passthru_end(), etc). This
means nvme_mpath_init() may be called multiple times before
nvme_mpath_uninit() (which is only called on nvme_free_ctrl()).

When nvme_mpath_init() is called multiple times, it overwrites the
ana_log_buf pointer with a new allocation, thus leaking the previous
allocation.

To fix this, free ana_log_buf before allocating a new one.

Fixes: 0d0b660f21 ("nvme: add ANA support")
Cc: <stable@vger.kernel.org>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2020-02-28 17:22:20 +01:00
..
accessibility
acpi ACPI: PM: s2idle: Check fixed wakeup events in acpi_s2idle_wake() 2020-02-28 17:22:20 +01:00
amba ARM updates for 5.4-rc: 2019-10-23 06:26:33 -04:00
android binder: fix log spam for existing debugfs file creation. 2020-02-01 09:34:35 +00:00
ata libata: Fix retrieving of active qcs 2020-01-09 10:19:59 +01:00
atm fore200e: Fix incorrect checks of NULL pointer dereference 2020-02-24 08:36:36 +01:00
auxdisplay
base driver core: platform: fix u32 greater or equal to zero comparison 2020-02-24 08:36:55 +01:00
bcma
block floppy: check FDC index for errors before assigning it 2020-02-28 17:22:14 +01:00
bluetooth Bluetooth: btusb: Disable runtime suspend on Realtek devices 2020-02-11 04:35:09 -08:00
bus bus: ti-sysc: Implement quirk handling for CLKDM_NOAUTO 2020-02-24 08:36:35 +01:00
cdrom cdrom: respect device capabilities during opening action 2020-01-04 19:18:25 +01:00
char tpm: Initialize crypto_id of allocated_banks to HASH_ALGO__LAST 2020-02-28 17:22:13 +01:00
clk clk: uniphier: Add SCSSI clock gate for each channel 2020-02-24 08:36:42 +01:00
clocksource clocksource: davinci: only enable clockevents once tim34 is initialized 2020-02-24 08:36:46 +01:00
connector
counter
cpufreq cpufreq: Avoid creating excessively large stack frames 2020-02-11 04:35:25 -08:00
cpuidle cpuidle: teo: Avoid using "early hits" incorrectly 2020-02-05 21:22:52 +00:00
crypto crypto: chtls - Fixed memory leak 2020-02-24 08:36:40 +01:00
dax
dca
devfreq PM / devfreq: rk3399_dmc: Add COMPILE_TEST and HAVE_ARM_SMCCC dependency 2020-02-24 08:36:41 +01:00
dio
dma dmaengine: imx-sdma: Fix memory leak 2020-02-24 08:36:40 +01:00
dma-buf dma-buf: Fix memory leak in sync_file_merge() 2019-12-21 11:04:48 +01:00
edac EDAC/sifive: Fix return value check in ecc_register() 2020-02-24 08:36:51 +01:00
eisa
extcon extcon-intel-cht-wc: Don't reset USB data connection at probe 2020-02-01 09:34:46 +00:00
firewire net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:20:06 +01:00
firmware firmware: arm_scmi: Fix doorbell ring logic for !CONFIG_64BIT 2020-01-26 10:01:07 +01:00
fpga
fsi fsi: core: Fix small accesses and unaligned offsets via sysfs 2019-12-31 16:45:09 +01:00
gnss
gpio gpiolib: Set lockdep class for hierarchical irq domains 2020-02-24 08:36:49 +01:00
gpu drm/panfrost: perfcnt: Reserve/use the AS attached to the perfcnt MMU context 2020-02-28 17:22:17 +01:00
greybus
hid HID: steam: Fix input device disappearing 2020-02-01 09:34:46 +00:00
hsi
hv hv_balloon: Balloon up according to request page number 2020-02-11 04:35:21 -08:00
hwmon hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions. 2020-02-19 19:53:07 +01:00
hwspinlock
hwtracing intel_th: msu: Fix window switching without windows 2019-12-31 16:46:09 +01:00
i2c i2c: stm32f7: report dma error during probe 2020-01-26 10:01:06 +01:00
i3c
ide ide: serverworks: potential overflow in svwks_set_pio_mode() 2020-02-24 08:36:53 +01:00
idle
iio iio: st_gyro: Correct data for LSM9DS0 gyro 2020-02-01 09:34:36 +00:00
infiniband RDMA/mlx5: Don't fake udata for kernel path 2020-02-24 08:36:51 +01:00
input Input: edt-ft5x06 - work around first register access error 2020-02-24 08:36:45 +01:00
interconnect interconnect: qcom: qcs404: Walk the list safely on node removal 2019-12-17 19:55:39 +01:00
iommu iommu/qcom: Fix bogus detach logic 2020-02-28 17:22:12 +01:00
ipack
irqchip irqchip/gic-v3-its: Reference to its_invall_cmd descriptor when building INVALL 2020-02-24 08:37:01 +01:00
isdn net: use skb_queue_empty_lockless() in poll() handlers 2019-10-28 13:33:41 -07:00
leds leds: pca963x: Fix open-drain initialization 2020-02-24 08:36:24 +01:00
lightnvm
macintosh cpufreq: Use per-policy frequency QoS 2019-10-21 02:05:21 +02:00
mailbox mailbox: imx: Fix Tx doorbell shutdown path 2020-01-04 19:18:30 +01:00
mcb
md bcache: properly initialize 'path' and 'err' in register_bcache() 2020-02-24 08:37:03 +01:00
media media: uvcvideo: Add a quirk to force GEO GC6500 Camera bits-per-pixel value 2020-02-24 08:36:56 +01:00
memory memory: mtk-smi: Add PM suspend and resume ops 2020-01-17 19:48:59 +01:00
memstick memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' 2019-10-09 11:08:03 +02:00
message scsi: mptfusion: Fix double fetch bug in ioctl 2020-01-23 08:22:35 +01:00
mfd mfd: max77650: Select REGMAP_IRQ in Kconfig 2020-02-14 16:34:19 -05:00
misc misc: xilinx_sdfec: fix xsdfec_poll()'s return type 2020-02-24 08:36:47 +01:00
mmc mmc: core: Rework wp-gpio handling 2020-02-19 19:53:10 +01:00
mtd mtd: sharpslpart: Fix unsigned comparison to zero 2020-02-14 16:34:18 -05:00
mux
net e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm 2020-02-28 17:22:14 +01:00
nfc NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu(). 2020-02-24 08:36:33 +01:00
ntb
nubus
nvdimm libnvdimm/btt: fix variable 'rc' set but not used 2020-01-04 19:18:12 +01:00
nvme nvme-multipath: Fix memory leak with ana_log_buf 2020-02-28 17:22:20 +01:00
nvmem nvmem: core: fix memory abort in cleanup path 2020-02-11 04:35:21 -08:00
of of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc 2020-02-11 04:35:25 -08:00
opp opp: Free static OPPs on errors while adding them 2020-02-24 08:36:34 +01:00
oprofile
parisc parisc: Remove 32-bit DMA enforcement from sba_iommu 2019-10-14 21:44:26 +02:00
parport parport: load lowlevel driver if ports not found 2019-12-31 16:45:25 +01:00
pci PCI: Add DMA alias quirk for PLX PEX NTB 2020-02-24 08:36:37 +01:00
pcmcia
perf perf/imx_ddr: Fix cpu hotplug state cleanup 2020-02-24 08:36:49 +01:00
phy phy: qualcomm: Adjust indentation in read_poll_timeout 2020-02-11 04:35:45 -08:00
pinctrl pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs 2020-02-24 08:36:41 +01:00
platform platform/x86: intel_mid_powerbtn: Take a copy of ddata 2020-02-14 16:34:12 -05:00
pnp
power power: supply: ltc2941-battery-gauge: fix use-after-free 2020-02-11 04:35:24 -08:00
powercap powercap: intel_rapl: add NULL pointer check to rapl_mmio_cpu_online() 2020-01-14 20:08:18 +01:00
pps
ps3
ptp ptp: free ptp device pin descriptors properly 2020-01-23 08:22:51 +01:00
pwm pwm: Remove set but not set variable 'pwm' 2020-02-24 08:36:53 +01:00
rapidio
ras
regulator regulator: core: Fix exported symbols to the exported GPL version 2020-02-24 08:36:54 +01:00
remoteproc remoteproc: Initialize rproc_class before use 2020-02-24 08:36:54 +01:00
reset reset: uniphier: Add SCSSI reset control for each channel 2020-02-24 08:36:41 +01:00
rpmsg rpmsg: char: release allocated memory 2020-01-14 20:08:37 +01:00
rtc rtc: Kconfig: select REGMAP_I2C when necessary 2020-02-24 08:37:03 +01:00
s390 s390/pkey: fix missing length of protected key on return 2020-02-19 19:53:04 +01:00
sbus
scsi scsi: iscsi: Don't destroy session if there are outstanding connections 2020-02-24 08:36:50 +01:00
sfi
sh
siox
slimbus
soc soc/tegra: fuse: Correct straps' address for older Tegra124 device trees 2020-02-24 08:36:45 +01:00
soundwire soundwire: intel: fix PDI/stream mapping for Bulk 2019-12-31 16:45:11 +01:00
spi spi: spi-fsl-qspi: Ensure width is respected in spi-mem operations 2020-02-24 08:36:54 +01:00
spmi spmi: pmic-arb: Set lockdep class for hierarchical irq domains 2020-02-19 19:53:07 +01:00
ssb
staging staging: rtl8723bs: Fix potential overuse of kernel memory 2020-02-28 17:22:17 +01:00
target scsi: Revert "target/core: Inline transport_lun_remove_cmd()" 2020-02-28 17:22:17 +01:00
tc
tee tee: optee: Fix compilation issue with nommu 2020-02-05 21:22:49 +00:00
thermal thermal: Fix deadlock in thermal thermal_zone_device_check 2019-12-13 08:43:21 +01:00
thunderbolt thunderbolt: Prevent crash if non-active NVMem file is read 2020-02-28 17:22:13 +01:00
tty serdev: ttyport: restore client ops on deregistration 2020-02-28 17:22:19 +01:00
uio uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol() 2020-02-24 08:36:27 +01:00
usb usb: dwc3: debug: fix string position formatting mixup with ret and len 2020-02-28 17:22:16 +01:00
vfio vfio/spapr/nvlink2: Skip unpinning pages on error exit 2020-02-24 08:36:43 +01:00
vhost vhost/vsock: accept only packets with the right dst_cid 2020-01-04 19:19:18 +01:00
video pxa168fb: Fix the function used to release some memory in an error handling path 2020-02-24 08:36:25 +01:00
virt virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr 2019-10-10 14:50:32 +02:00
virtio virtio_balloon: prevent pfn array overflow 2020-02-24 08:37:03 +01:00
visorbus visorbus: fix uninitialized variable access 2020-02-24 08:36:47 +01:00
vlynq
vme vme: bridges: reduce stack usage 2020-02-24 08:36:48 +01:00
w1 w1: ds250x: Fix build error without CRC16 2019-10-10 15:35:41 +02:00
watchdog drivers: watchdog: stm32_iwdg: set WDOG_HW_RUNNING at probe 2020-02-14 16:34:18 -05:00
xen xen/balloon: Support xend-based toolstack take two 2020-02-11 04:35:36 -08:00
zorro
Kconfig
Makefile