Bart Van Assche 2004bfdef9 null_blk: Fix the null_add_dev() error path ...

If null_add_dev() fails, clear dev->nullb.

This patch fixes the following KASAN complaint:

BUG: KASAN: use-after-free in nullb_device_submit_queues_store+0xcf/0x160 [null_blk]
Read of size 8 at addr ffff88803280fc30 by task check/8409

Call Trace:
 dump_stack+0xa5/0xe6
 print_address_description.constprop.0+0x26/0x260
 __kasan_report.cold+0x7b/0x99
 kasan_report+0x16/0x20
 __asan_load8+0x58/0x90
 nullb_device_submit_queues_store+0xcf/0x160 [null_blk]
 configfs_write_file+0x1c4/0x250 [configfs]
 __vfs_write+0x4c/0x90
 vfs_write+0x145/0x2c0
 ksys_write+0xd7/0x180
 __x64_sys_write+0x47/0x50
 do_syscall_64+0x6f/0x2f0
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7ff370926317
Code: 64 89 02 48 c7 c0 ff ff ff ff eb bb 0f 1f 80 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
RSP: 002b:00007fff2dd2da48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007ff370926317
RDX: 0000000000000002 RSI: 0000559437ef23f0 RDI: 0000000000000001
RBP: 0000559437ef23f0 R08: 000000000000000a R09: 0000000000000001
R10: 0000559436703471 R11: 0000000000000246 R12: 0000000000000002
R13: 00007ff370a006a0 R14: 00007ff370a014a0 R15: 00007ff370a008a0

Allocated by task 8409:
 save_stack+0x23/0x90
 __kasan_kmalloc.constprop.0+0xcf/0xe0
 kasan_kmalloc+0xd/0x10
 kmem_cache_alloc_node_trace+0x129/0x4c0
 null_add_dev+0x24a/0xe90 [null_blk]
 nullb_device_power_store+0x1b6/0x270 [null_blk]
 configfs_write_file+0x1c4/0x250 [configfs]
 __vfs_write+0x4c/0x90
 vfs_write+0x145/0x2c0
 ksys_write+0xd7/0x180
 __x64_sys_write+0x47/0x50
 do_syscall_64+0x6f/0x2f0
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 8409:
 save_stack+0x23/0x90
 __kasan_slab_free+0x112/0x160
 kasan_slab_free+0x12/0x20
 kfree+0xdf/0x250
 null_add_dev+0xaf3/0xe90 [null_blk]
 nullb_device_power_store+0x1b6/0x270 [null_blk]
 configfs_write_file+0x1c4/0x250 [configfs]
 __vfs_write+0x4c/0x90
 vfs_write+0x145/0x2c0
 ksys_write+0xd7/0x180
 __x64_sys_write+0x47/0x50
 do_syscall_64+0x6f/0x2f0
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Fixes: 2984c8684f ("nullb: factor disk parameters")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Reviewed-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
Cc: Johannes Thumshirn <jth@kernel.org>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Ming Lei <ming.lei@redhat.com>
Cc: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

2020-03-10 07:09:59 -06:00

..

accessibility

…

acpi

Merge tag 'acpi-5.6-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

2020-02-28 09:02:18 -08:00

amba

…

android

binder: prevent UAF for binderfs devices II

2020-03-03 19:58:37 +01:00

ata

Merge tag 'libata-5.6-2020-02-05' of git://git.kernel.dk/linux-block

2020-02-06 06:11:50 +00:00

atm

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next

2020-01-28 16:02:33 -08:00

auxdisplay

…

base

Merge tag 'driver-core-5.6-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

2020-03-08 10:39:40 -05:00

bcma

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next

2020-01-28 16:02:33 -08:00

block

null_blk: Fix the null_add_dev() error path

2020-03-10 07:09:59 -06:00

bluetooth

Bluetooth: btrtl: Use kvmalloc for FW allocations

2020-01-24 19:57:53 +01:00

bus

Merge tag 'omap-for-v5.6/fixes-rc3-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into arm/fixes

2020-02-29 11:47:44 -08:00

cdrom

scsi: compat_ioctl: cdrom: Replace .ioctl with .compat_ioctl in four appropriate places

2020-02-24 15:06:07 -05:00

char

tpm: Initialize crypto_id of allocated_banks to HASH_ALGO__LAST

2020-02-17 20:47:06 +02:00

clk

Merge tag 'armsoc-late' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

2020-02-08 14:17:27 -08:00

clocksource

Merge tag 'armsoc-late' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

2020-02-08 14:17:27 -08:00

connector

…

counter

…

cpufreq

cpufreq: Fix policy initialization for internal governor drivers

2020-02-27 08:57:48 +01:00

cpuidle

Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

2020-02-08 14:04:19 -08:00

crypto

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next

2020-01-28 16:02:33 -08:00

dax

dax: Get rid of fs_dax_get_by_host() helper

2020-01-16 09:52:27 -08:00

dca

…

devfreq

Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs"

2020-02-24 11:14:29 +09:00

dio

…

dma

dmaengine: imx-sdma: Fix the event id check to include RX event for UART6

2020-02-25 14:15:26 +05:30

dma-buf

dma-buf: free dmabuf->name in dma_buf_release()

2020-02-27 18:01:58 +05:30

edac

EDAC/synopsys: Do not print an error with back-to-back snprintf() calls

2020-02-27 16:44:25 +01:00

eisa

…

extcon

…

firewire

…

firmware

Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

2020-03-08 17:36:22 -07:00

fpga

…

fsi

fsi: aspeed: add unspecified HAS_IOMEM dependency

2020-02-10 13:45:49 -08:00

gnss

…

gpio

gpio: sifive: fix static checker warning

2020-02-10 13:54:17 +01:00

gpu

Merge tag 'amd-drm-fixes-5.6-2020-03-05' of git://people.freedesktop.org/~agd5f/linux into drm-fixes

2020-03-06 11:06:33 +10:00

greybus

…

hid

HID: hyperv: NULL check before some freeing functions is not needed.

2020-03-05 14:17:11 +00:00

hsi

…

hv

Merge tag 'hyperv-next-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux

2020-02-03 14:42:03 +00:00

hwmon

hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT()

2020-03-03 12:42:55 -08:00

hwspinlock

hwspinlock: sirf: Use devm_hwspin_lock_register() to register hwlock controller

2020-01-21 16:16:36 -08:00

hwtracing

coresight: etm4x: Fix unused function warning

2020-01-14 15:38:28 +01:00

i2c

i2c: altera: Fix potential integer overflow

2020-02-13 09:29:30 +01:00

i3c

i3c: master: dw: reattach device on first available location of address table

2020-01-13 10:00:05 +01:00

ide

scsi: compat_ioctl: cdrom: Replace .ioctl with .compat_ioctl in four appropriate places

2020-02-24 15:06:07 -05:00

idle

intel_idle: Introduce 'states_off' module parameter

2020-02-03 11:57:18 +01:00

iio

Merge tag 'tag-chrome-platform-for-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux

2020-02-04 07:17:41 +00:00

infiniband

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma

2020-03-07 19:52:55 -06:00

input

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input

2020-02-15 16:49:25 -08:00

interconnect

interconnect: Handle memory allocation errors

2020-03-03 08:02:57 +01:00

iommu

iommu/arm-smmu: Restore naming of driver parameter prefix

2020-02-19 12:03:21 +01:00

ipack

…

irqchip

irqchip/gic-v4.1: Avoid 64bit division for the sake of 32bit ARM

2020-02-09 15:47:37 -08:00

isdn

proc: convert everything to "struct proc_ops"

2020-02-04 03:05:26 +00:00

leds

leds: lm3532: add pointer to documentation and fix typo

2020-01-22 21:08:24 +01:00

lightnvm

…

macintosh

macintosh: therm_windtunnel: fix regression when instantiating devices

2020-02-29 21:13:22 +01:00

mailbox

…

mcb

…

md

Merge tag 'block-5.6-2020-03-07' of git://git.kernel.dk/linux-block

2020-03-07 14:14:38 -06:00

media

media: mc-entity.c: use & to check pad flags, not ==

2020-02-24 15:10:04 +01:00

memory

Merge tag 'mvebu-drivers-5.6-1' of git://git.infradead.org/linux-mvebu into arm/drivers

2020-01-16 10:45:44 -08:00

memstick

…

message

Merge ra.kernel.org:/pub/scm/linux/kernel/git/netdev/net

2020-01-19 22:10:04 +01:00

mfd

Merge tag 'tag-chrome-platform-for-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux

2020-02-04 07:17:41 +00:00

misc

altera-stapl: altera_get_note: prevent write beyond end of 'key'

2020-03-03 08:02:57 +01:00

mmc

Merge tag 'ioremap-5.6' of git://git.infradead.org/users/hch/ioremap

2020-01-27 13:03:00 -08:00

mtd

treewide: remove redundant IS_ERR() before error code check

2020-02-04 03:05:27 +00:00

mux

…

net

net: dsa: mv88e6xxx: Fix masking of egress port

2020-02-27 12:29:09 -08:00

nfc

nfc: pn544: Fix occasional HW initialization failure

2020-02-19 11:09:27 -08:00

ntb

…

nubus

…

nvdimm

mm: Cleanup __put_devmap_managed_page() vs ->page_free()

2020-01-31 10:30:37 -08:00

nvme

nvme-pci: Hold cq_poll_lock while completing CQEs

2020-02-28 01:32:14 +09:00

nvmem

Merge branch 'i2c/for-5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux

2020-02-07 12:54:13 -08:00

of

Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

2020-02-08 14:04:19 -08:00

opp

Merge tag 'ioremap-5.6' of git://git.infradead.org/users/hch/ioremap

2020-01-27 13:03:00 -08:00

oprofile

tracing: Make struct ring_buffer less ambiguous

2020-01-13 13:19:38 -05:00

parisc

proc: convert everything to "struct proc_ops"

2020-02-04 03:05:26 +00:00

parport

…

pci

PCI: brcmstb: Fix build on 32bit ARM platforms with older compilers

2020-02-27 08:06:20 -06:00

pcmcia

…

perf

drivers/perf: arm_pmu_acpi: Fix incorrect checking of gicc pointer

2020-03-02 12:07:35 +00:00

phy

Merge tag 'phy-for-5.6-rc_v2' of git://git.kernel.org/pub/scm/linux/kernel/git/kishon/linux-phy into usb-linus

2020-03-04 13:28:52 +01:00

pinctrl

pinctrl: fix pxa2xx.c build warnings

2020-02-04 03:05:24 +00:00

platform

platform/chrome: wilco_ec: Include asm/unaligned instead of linux/ path

2020-02-11 09:10:36 +01:00

pnp

proc: convert everything to "struct proc_ops"

2020-02-04 03:05:26 +00:00

power

Merge tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

2020-02-08 13:55:25 -08:00

powercap

Merge back power capping changes for v5.6.

2020-01-13 10:32:19 +01:00

pps

…

ps3

…

ptp

Merge ra.kernel.org:/pub/scm/linux/kernel/git/netdev/net

2020-01-19 22:10:04 +01:00

pwm

pwm: Remove set but not set variable 'pwm'

2020-01-20 15:40:49 +01:00

rapidio

…

ras

…

regulator

Merge tag 'regulator-fix-v5.6-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator

2020-03-06 14:48:30 -06:00

remoteproc

remoteproc: qcom: q6v5-mss: Improve readability of reset_assert

2020-01-24 09:34:07 -08:00

reset

reset: intel: add unspecified HAS_IOMEM dependency

2020-02-10 11:11:55 +01:00

rpmsg

rpmsg: add rpmsg support for mt8183 SCP.

2020-01-20 10:29:56 -08:00

rtc

Merge tag 'tag-chrome-platform-for-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux

2020-02-04 07:17:41 +00:00

s390

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

2020-02-29 09:58:47 -06:00

sbus

…

scsi

scsi: compat_ioctl: cdrom: Replace .ioctl with .compat_ioctl in four appropriate places

2020-02-24 15:06:07 -05:00

sfi

…

sh

…

siox

siox: Use the correct style for SPDX License Identifier

2020-01-14 21:46:53 +01:00

slimbus

slimbus: qcom: add missed clk_disable_unprepare in remove

2020-01-14 21:46:48 +01:00

soc

Merge tag 'imx-fixes-5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into arm/fixes

2020-02-24 09:57:05 -08:00

soundwire

soundwire: cadence: fix kernel-doc parameter descriptions

2020-01-16 17:34:38 +05:30

spi

Merge tag 'spi-fix-v5.6-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi

2020-03-06 14:50:16 -06:00

spmi

spmi: pmic-arb: Set lockdep class for hierarchical irq domains

2020-02-10 13:16:04 +01:00

ssb

…

staging

Merge tag 'tty-5.6-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty

2020-03-08 10:35:04 -05:00

target

scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session"

2020-02-14 17:13:54 -05:00

tc

Merge tag 'mips_5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux

2020-01-31 11:28:31 -08:00

tee

Merge tag 'socfpga_dts_fix_for_v5.6_v2' of git://git.kernel.org/pub/scm/linux/kernel/git/dinguyen/linux into arm/fixes

2020-03-03 16:40:56 -08:00

thermal

Merge tag 'thermal-v5.6-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux

2020-01-31 14:39:21 -08:00

thunderbolt

thunderbolt: Prevent crash if non-active NVMem file is read

2020-02-13 04:59:30 -08:00

tty

tty: serial: fsl_lpuart: free IDs allocated by IDA

2020-03-06 14:10:44 +01:00

uio

uio: uio_pdrv_genirq: Do not log an error when deferring probe routine.

2020-01-14 15:27:51 +01:00

usb

usb: dwc3: gadget: Update chain bit correctly when using sg list

2020-03-04 10:58:16 +01:00

vfio

Merge tag 'vfio-v5.6-rc1' of git://github.com/awilliam/linux-vfio

2020-02-03 22:22:05 +00:00

vhost

vhost: Check docket sk_family instead of call getname

2020-02-22 21:41:42 -08:00

video

Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

2020-03-08 17:36:22 -07:00

virt

…

virtio

virtio_balloon: Fix memory leaks on errors in virtballoon_probe()

2020-02-06 03:40:27 -05:00

visorbus

visorbus: fix uninitialized variable access

2020-01-14 15:30:35 +01:00

vlynq

…

vme

Merge tag 'char-misc-5.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

2020-01-29 10:35:54 -08:00

w1

Merge tag 'char-misc-5.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

2020-01-29 10:35:54 -08:00

watchdog

Merge tag 'acpi-5.6-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

2020-02-28 09:02:18 -08:00

xen

xen/xenbus: fix locking

2020-03-05 09:42:23 -06:00

zorro

Merge tag 'kbuild-v5.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild

2020-02-09 16:05:50 -08:00

Kconfig

…

Makefile

…