mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-03-24 08:35:34 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
7277cc67b3916eed47558c64f9c9c0de00a35cda
linux/drivers
History
Bart Van Assche 7277cc67b3 skd: Avoid that module unloading triggers a use-after-free 
Since put_disk() triggers a disk_release() call and since that
last function calls blk_put_queue() if disk->queue != NULL, clear
the disk->queue pointer before calling put_disk(). This avoids
that unloading the skd kernel module triggers the following
use-after-free:

WARNING: CPU: 8 PID: 297 at lib/refcount.c:128 refcount_sub_and_test+0x70/0x80
refcount_t: underflow; use-after-free.
CPU: 8 PID: 297 Comm: kworker/8:1 Not tainted 4.11.10-300.fc26.x86_64 #1
Workqueue: events work_for_cpu_fn
Call Trace:
 dump_stack+0x63/0x84
 __warn+0xcb/0xf0
 warn_slowpath_fmt+0x5a/0x80
 refcount_sub_and_test+0x70/0x80
 refcount_dec_and_test+0x11/0x20
 kobject_put+0x1f/0x50
 blk_put_queue+0x15/0x20
 disk_release+0xae/0xf0
 device_release+0x32/0x90
 kobject_release+0x67/0x170
 kobject_put+0x2b/0x50
 put_disk+0x17/0x20
 skd_destruct+0x5c/0x890 [skd]
 skd_pci_probe+0x124d/0x13a0 [skd]
 local_pci_probe+0x42/0xa0
 work_for_cpu_fn+0x14/0x20
 process_one_work+0x19e/0x470
 worker_thread+0x1dc/0x4a0
 kthread+0x125/0x140
 ret_from_fork+0x25/0x30

Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Johannes Thumshirn <jthumshirn@suse.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2017-08-18 08:45:29 -06:00
..
accessibility
acpi
Merge branches 'acpi-pm' and 'acpi-numa'
2017-07-27 23:14:08 +02:00
amba
android
binder: Use wake up hint for synchronous transactions.
2017-07-17 14:44:19 +02:00
ata
Merge branch 'for-4.13' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata
2017-07-06 09:41:58 -07:00
atm
atm: zatm: Fix an error handling path in 'zatm_init_one()'
2017-07-18 11:37:46 -07:00
auxdisplay
base
Merge tag 'dma-mapping-4.13-2' of git://git.infradead.org/users/hch/dma-mapping
2017-07-25 17:17:18 -07:00
bcma
block
skd: Avoid that module unloading triggers a use-after-free
2017-08-18 08:45:29 -06:00
bluetooth
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2017-07-05 12:31:59 -07:00
bus
Merge tag 'drm-for-v4.13' of git://people.freedesktop.org/~airlied/linux
2017-07-09 18:48:37 -07:00
cdrom
block: don't set bounce limit in blk_init_queue
2017-06-27 12:13:45 -06:00
char
Merge tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random
2017-07-15 12:44:02 -07:00
clk
Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus
2017-07-15 10:59:54 -07:00
clocksource
clocksource/drivers/timer-of: Handle of_irq_get_byname() result correctly
2017-07-17 22:43:00 +02:00
connector
cpufreq
Merge branches 'intel_pstate' and 'pm-domains'
2017-07-20 18:57:15 +02:00
cpuidle
Merge tag 'powerpc-4.13-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
2017-07-07 13:55:45 -07:00
crypto
crypto: brcm - remove BCM_PDC_MBOX dependency in Kconfig
2017-07-18 17:01:08 +08:00
dax
Merge tag 'for-4.13/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
2017-07-28 12:17:17 -07:00
dca
devfreq
PM / devfreq: constify attribute_group structures.
2017-07-06 10:17:24 +09:00
dio
dma
Merge tag 'dmaengine-4.13-rc1' of git://git.infradead.org/users/vkoul/slave-dma
2017-07-08 12:36:50 -07:00
dma-buf
Merge branch 'drm-misc-next-fixes' into drm-misc-fixes
2017-07-17 11:56:07 -04:00
edac
EDAC, pnd2: Fix Apollo Lake DIMM detection
2017-06-29 10:37:50 +02:00
eisa
extcon
firewire
networking: make skb_push & __skb_push return void pointers
2017-06-16 11:48:40 -04:00
firmware
efi: avoid fortify checks in EFI stub
2017-07-12 16:26:02 -07:00
fmc
fpga
fsi
drivers/fsi: fix fsi_slave_mode prototype
2017-07-17 16:13:54 +02:00
gpio
Merge (most of) tag 'mfd-next-4.13' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd
2017-07-07 13:30:05 -07:00
gpu
Merge tag 'exynos-drm-fixes-for-v4.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-fixes
2017-07-28 12:32:59 +10:00
hid
HID: ortek: add one more buggy device
2017-07-24 17:38:21 +02:00
hsi
Merge tag 'hsi-for-4.13' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-hsi
2017-07-04 14:28:22 -07:00
hv
vmbus: re-enable channel tasklet
2017-07-17 15:00:47 +02:00
hwmon
hwmon: (applesmc) Avoid buffer overruns
2017-07-15 16:38:56 -07:00
hwspinlock
hwtracing
Merge tag 'char-misc-4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2017-07-03 20:55:59 -07:00
i2c
Merge branch 'i2c/for-4.13' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
2017-07-12 10:04:56 -07:00
ide
ide-floppy: Use blk_rq_is_scsi()
2017-08-18 08:36:58 -06:00
idle
intel_idle: Use more common logging style
2017-06-29 22:58:35 +02:00
iio
Merge tag 'hwmon-for-linus-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging
2017-07-04 11:48:27 -07:00
infiniband
RDMA/core: Initialize port_num in qp_attr
2017-07-20 11:24:13 -04:00
input
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
2017-07-14 22:53:37 -07:00
iommu
Merge tag 'iommu-updates-v4.13' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
2017-07-12 10:00:04 -07:00
ipack
irqchip
irqchip/digicolor: Drop unnecessary static
2017-07-18 21:59:23 +02:00
isdn
isdn: avm: c4: constify pci_device_id.
2017-07-15 21:25:56 -07:00
leds
Merge tag 'leds_for_4.13' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds
2017-07-06 11:32:40 -07:00
lguest
lightnvm
lightnvm: pblk: advance bio according to lba index
2017-07-28 08:06:00 -06:00
macintosh
Merge branch 'work.misc-set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-07-05 13:13:32 -07:00
mailbox
Merge branch 'mailbox-for-next' of git://git.linaro.org/landing-teams/working/fujitsu/integration
2017-07-07 10:24:07 -07:00
mcb
md
block: pass in queue to inflight accounting
2017-08-09 13:09:16 -06:00
media
Merge tag 'drm-for-v4.13' of git://people.freedesktop.org/~airlied/linux
2017-07-09 18:48:37 -07:00
memory
Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
2017-07-04 14:47:47 -07:00
memstick
message
mfd
Merge tag 'chrome-platform-for-linus-4.13' of git://git.kernel.org/pub/scm/linux/kernel/git/bleung/chrome-platform
2017-07-11 09:55:47 -07:00
misc
Merge tag 'powerpc-4.13-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
2017-07-07 13:55:45 -07:00
mmc
mmc: dw_mmc: fix the wrong condition check of getting num-slots from DT
2017-07-27 15:57:30 +02:00
mtd
Merge tag 'for-linus-20170713' of git://git.infradead.org/linux-mtd
2017-07-13 12:07:44 -07:00
mux
mux: mux-core: unregister mux_class in mux_exit()
2017-07-17 16:38:35 +02:00
net
virtio-net: fix module unloading
2017-07-25 16:37:36 +03:00
nfc
Merge tag 'nfc-next-4.13-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-next
2017-07-01 14:30:39 -07:00
ntb
ntb: Add error path/handling to Debug FS entry creation
2017-07-06 11:30:08 -04:00
nubus
nvdimm
block: pass in queue to inflight accounting
2017-08-09 13:09:16 -06:00
nvme
blk-mq: Make blk_mq_reinit_tagset() calls easier to read
2017-08-18 08:36:58 -06:00
nvmem
nvmem: rockchip-efuse: amend compatible rk322x-efuse to rk3228-efuse
2017-07-17 16:15:57 +02:00
of
of: irq: fix of_irq_to_resource() error check
2017-07-21 16:58:55 -05:00
oprofile
parisc
parisc: pdc_stable: constify attribute_group structures.
2017-07-23 21:02:17 +02:00
parport
pci
Merge tag 'pm-fixes-4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
2017-07-14 22:24:25 -07:00
pcmcia
perf
drivers/perf: arm_pmu: Request PMU SPIs with IRQF_PER_CPU
2017-07-27 13:43:22 +01:00
phy
phy: bcm-ns-usb3: add MDIO driver using proper bus layer
2017-06-16 13:22:26 +05:30
pinctrl
Merge tag 'pinctrl-v4.13-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
2017-07-06 11:38:59 -07:00
platform
Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus
2017-07-15 10:59:54 -07:00
pnp
Merge tag 'gpio-v4.13-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
2017-07-07 12:40:27 -07:00
power
Merge tag 'for-v4.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
2017-07-13 11:47:59 -07:00
powercap
powercap/RAPL: prevent overridding bits outside of the mask
2017-06-28 00:38:34 +02:00
pps
ps3
ptp
ptp: dte: Use LL suffix for 64-bit constants
2017-07-06 11:40:58 +01:00
pwm
Merge tag 'pwm/for-4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm
2017-07-13 11:49:52 -07:00
rapidio
ras
Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
2017-07-05 17:09:27 -07:00
regulator
Merge remote-tracking branches 'regulator/topic/settle', 'regulator/topic/tps65910' and 'regulator/topic/tps65917' into regulator-next
2017-07-03 16:52:21 +01:00
remoteproc
remoteproc/keystone: Fix circular dependencies for ARM configs
2017-06-27 16:21:34 -07:00
reset
Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
2017-07-04 14:47:47 -07:00
rpmsg
Merge tag 'rpmsg-v4.13' of git://github.com/andersson/remoteproc
2017-07-06 15:38:31 -07:00
rtc
Merge tag 'rtc-4.13' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux
2017-07-13 12:15:06 -07:00
s390
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
2017-07-25 08:44:27 -07:00
sbus
block: don't set bounce limit in blk_init_queue
2017-06-27 12:13:45 -06:00
scsi
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2017-07-25 20:10:10 -07:00
sfi
sh
drivers/sh/intc/virq.c: delete an error message for a failed memory allocation in add_virq_to_pirq()
2017-07-06 16:24:30 -07:00
sn
soc
Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
2017-07-04 14:47:47 -07:00
spi
Merge branch 'for-spi' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-07-08 10:41:53 -07:00
spmi
spmi: pmic-arb: Always allocate ppid_to_apid table
2017-07-17 15:00:47 +02:00
ssb
staging
staging: rtl8188eu: add TL-WN722N v2 support
2017-07-18 09:04:22 +02:00
target
Merge tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random
2017-07-15 12:44:02 -07:00
tc
tee
thermal
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux
2017-07-14 13:12:32 -07:00
thunderbolt
Merge tag 'uuid-for-4.13-2' of git://git.infradead.org/users/hch/uuid
2017-07-25 19:46:05 -07:00
tty
tty: hide unused pty_get_peer function
2017-07-17 17:04:41 +02:00
uio
usb
xhci: fix memleak in xhci_run()
2017-07-20 14:40:36 +02:00
uwb
Merge tag 'driver-core-4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2017-07-03 20:27:48 -07:00
vfio
Merge tag 'vfio-v4.13-rc1' of git://github.com/awilliam/linux-vfio
2017-07-13 12:23:54 -07:00
vhost
Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
2017-07-13 14:27:32 -07:00
video
Merge branch 'akpm' (patches from Andrew)
2017-07-13 12:38:49 -07:00
virt
virtio
virtio-balloon: coding format cleanup
2017-07-25 16:37:35 +03:00
vlynq
vme
w1
w1: omap-hdq: fix error return code in omap_hdq_probe()
2017-07-17 16:48:15 +02:00
watchdog
Merge git://www.linux-watchdog.org/linux-watchdog
2017-07-11 09:59:37 -07:00
xen
xen: dont fiddle with event channel masking in suspend/resume
2017-07-27 19:55:46 +02:00
zorro
Kconfig
Makefile