mirrors/linux
2
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-05-16 17:12:50 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
25966fc097691e5c925ad080f64a2f19c5fd940a
linux/drivers
History
Mehul Rao 25966fc097 ublk: fix NULL pointer dereference in ublk_ctrl_set_size() 
ublk_ctrl_set_size() unconditionally dereferences ub->ub_disk via
set_capacity_and_notify() without checking if it is NULL.

ub->ub_disk is NULL before UBLK_CMD_START_DEV completes (it is only
assigned in ublk_ctrl_start_dev()) and after UBLK_CMD_STOP_DEV runs
(ublk_detach_disk() sets it to NULL). Since the UBLK_CMD_UPDATE_SIZE
handler performs no state validation, a user can trigger a NULL pointer
dereference by sending UPDATE_SIZE to a device that has been added but
not yet started, or one that has been stopped.

Fix this by checking ub->ub_disk under ub->mutex before dereferencing
it, and returning -ENODEV if the disk is not available.

Fixes: 98b995660b ("ublk: Add UBLK_U_CMD_UPDATE_SIZE")
Cc: stable@vger.kernel.org
Signed-off-by: Mehul Rao <mehulrao@gmail.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2026-03-06 04:25:44 -07:00
..
accel
Merge tag 'char-misc-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2026-02-17 09:11:04 -08:00
accessibility
acpi
Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
2026-02-09 20:28:45 -08:00
amba
android
Merge tag 'char-misc-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2026-02-17 09:11:04 -08:00
ata
Merge tag 'ata-6.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux
2026-02-12 17:12:43 -08:00
atm
Merge tag 'mm-nonmm-stable-2026-02-12-10-48' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-02-12 12:13:01 -08:00
auxdisplay
Merge tag 'mm-nonmm-stable-2026-02-12-10-48' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-02-12 12:13:01 -08:00
base
Merge tag 'pinctrl-v7.0-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
2026-02-16 09:35:24 -08:00
bcma
block
ublk: fix NULL pointer dereference in ublk_ctrl_set_size()
2026-03-06 04:25:44 -07:00
bluetooth
Merge tag 'tty-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
2026-02-17 09:30:52 -08:00
bus
Merge tag 'char-misc-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2026-02-17 09:11:04 -08:00
cache
cdrom
cdx
cdx: Use mutex guard to simplify error handling
2026-02-03 20:58:13 -06:00
char
Merge tag 'char-misc-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2026-02-17 09:11:04 -08:00
clk
Merge tag 'mips_7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
2026-02-16 09:30:44 -08:00
clocksource
Merge tag 'x86_paravirt_for_v7.0_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2026-02-10 19:01:45 -08:00
comedi
Merge tag 'char-misc-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2026-02-17 09:11:04 -08:00
connector
counter
cpufreq
Merge tag 'devicetree-for-7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux
2026-02-11 18:27:08 -08:00
cpuidle
Merge tag 'pci-v7.0-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci
2026-02-11 17:20:38 -08:00
crypto
Merge tag 'platform-drivers-x86-v7.0-1' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
2026-02-13 15:39:15 -08:00
cxl
Merge tag 'cxl-for-7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl
2026-02-12 16:33:05 -08:00
dax
Merge tag 'cxl-for-7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl
2026-02-12 16:33:05 -08:00
dca
devfreq
dibs
dio
dma
Merge tag 'dmaengine-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine
2026-02-17 11:47:17 -08:00
dma-buf
Merge tag 'vfio-v7.0-rc1' of https://github.com/awilliam/linux-vfio
2026-02-12 15:52:39 -08:00
dpll
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2026-02-11 15:14:35 +01:00
edac
Merge tag 'edac_updates_for_v7.0_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras
2026-02-10 18:14:36 -08:00
eisa
extcon
firewire
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2026-02-12 15:43:02 -08:00
firmware
Merge tag 'char-misc-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2026-02-17 09:11:04 -08:00
fpga
fpga: dfl: fix typo in header file
2026-01-22 17:08:06 +08:00
fsi
fsi: scom: Convert to fsi bus probe mechanism
2026-01-27 16:35:36 +01:00
fwctl
gnss
gpib
gpib: tnt4882: Unify *allocate_private usage
2026-01-27 16:04:08 +01:00
gpio
Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
2026-02-13 12:02:18 -08:00
gpu
Partly revert "drm/hyperv: Remove reference to hyperv_fb driver"
2026-02-14 14:38:23 -08:00
greybus
hid
Merge tag 'input-for-v7.0-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
2026-02-15 08:24:19 -08:00
hsi
hte
hv
drivers: hv: vmbus_drv: Remove reference to hpyerv_fb
2026-02-14 11:07:12 +01:00
hwmon
Merge tag 'mm-nonmm-stable-2026-02-12-10-48' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-02-12 12:13:01 -08:00
hwspinlock
Merge tag 'soc-drivers-7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
2026-02-10 20:45:30 -08:00
hwtracing
Merge tag 'char-misc-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2026-02-17 09:11:04 -08:00
i2c
Merge tag 'char-misc-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2026-02-17 09:11:04 -08:00
i3c
i3c: dw-i3c-master: fix SIR reject bit mapping for dynamic addresses
2026-01-31 00:05:22 +01:00
idle
iio
Merge tag 'iio-for-7.0a' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jic23/iio into char-misc-next
2026-02-02 17:08:30 +01:00
infiniband
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
2026-02-12 17:05:20 -08:00
input
Merge tag 'input-for-v7.0-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
2026-02-15 08:24:19 -08:00
interconnect
Merge tag 'icc-6.20-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/djakov/icc into char-misc-next
2026-01-30 16:46:45 +01:00
iommu
Merge tag 'riscv-for-linus-7.0-mw1' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
2026-02-12 19:17:44 -08:00
ipack
irqchip
Merge tag 'mips_7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
2026-02-16 09:30:44 -08:00
isdn
leds
Merge tag 'leds-next-6.20' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/leds
2026-02-16 11:15:19 -08:00
macintosh
mailbox
Merge tag 'soc-drivers-7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
2026-02-10 20:45:30 -08:00
mcb
mcb: fix incorrect sanity check
2026-01-27 15:54:09 +01:00
md
Merge tag 'block-7.0-20260216' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux
2026-02-17 08:48:45 -08:00
media
Merge tag 'mm-nonmm-stable-2026-02-12-10-48' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-02-12 12:13:01 -08:00
memory
memstick
message
scsi: Change the return type of the .queuecommand() callback
2026-01-23 21:32:34 -05:00
mfd
Merge tag 'mfd-next-6.20' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd
2026-02-16 11:05:44 -08:00
misc
Merge tag 'char-misc-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2026-02-17 09:11:04 -08:00
mmc
Merge tag 'mips_7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
2026-02-16 09:30:44 -08:00
most
most: core: fix leak on early registration failure
2026-01-27 15:53:30 +01:00
mtd
Merge tag 'mtd/for-7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux
2026-02-13 15:06:58 -08:00
mux
mux: mmio: fix regmap leak on probe failure
2026-02-05 17:07:37 +01:00
net
Merge tag 'char-misc-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2026-02-17 09:11:04 -08:00
nfc
nfc: nxp-nci: remove interrupt trigger type
2026-02-06 20:54:50 -08:00
ntb
nubus
nubus: Call put_device() in bus initialization error path
2026-01-26 12:26:01 +01:00
nvdimm
nvdimm: virtio_pmem: serialize flush requests
2026-02-04 13:16:40 -06:00
nvme
Merge tag 'nvme-7.0-2026-03-04' of git://git.infradead.org/nvme into block-7.0
2026-03-04 08:15:17 -07:00
nvmem
Merge tag 'char-misc-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2026-02-17 09:11:04 -08:00
of
Merge tag 'mm-nonmm-stable-2026-02-12-10-48' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-02-12 12:13:01 -08:00
opp
OPP: Return correct value in dev_pm_opp_get_level
2026-01-27 10:58:50 +05:30
parisc
Merge tag 'parisc-for-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
2026-02-10 21:42:10 -08:00
parport
pci
Merge tag 'cxl-for-7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl
2026-02-12 16:33:05 -08:00
pcmcia
PCI: Separate CardBus setup & build it only with CONFIG_CARDBUS
2026-01-27 16:36:52 -06:00
peci
perf
perf/arm-cmn: Reject unsupported hardware configurations
2026-02-03 19:43:52 +00:00
phy
Merge tag 'phy-for-7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/phy/linux-phy
2026-02-17 11:40:04 -08:00
pinctrl
Merge tag 'pinctrl-v7.0-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
2026-02-16 09:35:24 -08:00
platform
Merge tag 'usb-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
2026-02-17 09:36:43 -08:00
pmdomain
Merge tag 'pmdomain-v6.19-rc3-3' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm
2026-02-06 10:10:39 -08:00
pnp
power
Merge tag 'for-v7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
2026-02-12 18:24:37 -08:00
powercap
pps
pps: generators: remove broken pps_gen_parport driver
2026-01-27 15:54:27 +01:00
ps3
ptp
Merge tag 'mm-nonmm-stable-2026-02-12-10-48' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-02-12 12:13:01 -08:00
pwm
Merge tag 'driver-core-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/driver-core/driver-core
2026-02-11 17:43:59 -08:00
rapidio
rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net()
2026-01-31 16:16:07 -08:00
ras
Merge tag 'edac_updates_for_v7.0_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras
2026-02-10 18:14:36 -08:00
regulator
Merge tag 'mfd-next-6.20' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd
2026-02-16 11:05:44 -08:00
remoteproc
remoteproc: imx_rproc: Fix invalid loaded resource table detection
2026-02-03 09:23:12 -07:00
resctrl
reset
reset: spacemit: Add SpacemiT K3 reset driver
2026-01-24 16:53:02 +01:00
rpmsg
rtc
Merge tag 'mips_7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
2026-02-16 09:30:44 -08:00
s390
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2026-02-12 15:43:02 -08:00
sbus
scsi
Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
2026-02-13 12:02:18 -08:00
sh
siox
slimbus
slimbus: qcom-ngd: Simplify with scoped for each OF child loop
2026-01-27 15:53:49 +01:00
soc
Merge tag 'phy-for-7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/phy/linux-phy
2026-02-17 11:40:04 -08:00
soundwire
Merge tag 'soundwire-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire
2026-02-17 10:07:13 -08:00
spi
Merge tag 'char-misc-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2026-02-17 09:11:04 -08:00
spmi
spmi: spmi-pmic-arb: add support for PMIC arbiter v8
2026-01-23 19:24:39 +01:00
ssb
staging
Merge tag 'staging-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
2026-02-17 09:20:58 -08:00
target
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2026-02-12 15:43:02 -08:00
tc
tee
Merge tag 'tee-sysfs-for-6.20' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee into soc/drivers
2026-01-21 16:30:52 +01:00
thermal
Merge tag 'irq-cleanups-2026-02-09' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2026-02-10 13:22:50 -08:00
thunderbolt
Merge tag 'usb-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
2026-02-17 09:36:43 -08:00
tty
Merge tag 'tty-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
2026-02-17 09:30:52 -08:00
ufs
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2026-02-12 15:43:02 -08:00
uio
usb
Merge tag 'usb-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
2026-02-17 09:36:43 -08:00
vdpa
vduse: avoid adding implicit padding
2026-02-09 12:21:32 -05:00
vfio
Merge tag 'vfio-v7.0-rc1' of https://github.com/awilliam/linux-vfio
2026-02-12 15:52:39 -08:00
vhost
Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
2026-02-13 12:02:18 -08:00
video
Merge tag 'backlight-next-6.20' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight
2026-02-16 11:10:33 -08:00
virt
Merge tag 'tsm-for-7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/devsec/tsm
2026-02-15 10:20:37 -08:00
virtio
Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
2026-02-13 12:02:18 -08:00
w1
watchdog
Merge tag 'linux-watchdog-6.20-rc1' of git://www.linux-watchdog.org/linux-watchdog
2026-02-16 12:21:22 -08:00
xen
Merge tag 'x86_paravirt_for_v7.0_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2026-02-10 19:01:45 -08:00
zorro
Kconfig
Makefile
phy: enter drivers/phy/Makefile even without CONFIG_GENERIC_PHY
2026-02-04 20:45:26 +05:30