mirrors/linux
2
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-05-16 06:41:39 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
f7700a4415afb3ac1767a556094e4ef8bd440e41
linux/drivers
History
Ming Lei f7700a4415 ublk: fix use-after-free in ublk_cancel_cmd() 
When ublk_reset_ch_dev() clears io->cmd via ublk_queue_reinit()
concurrently with ublk_cancel_cmd(), ublk_cancel_cmd() can read a
stale pointer and pass it to io_uring_cmd_done(), causing a
use-after-free.

Fix by synchronizing the two paths with ubq->cancel_lock:

- ublk_cancel_cmd(): read and clear io->cmd under cancel_lock,
  then call io_uring_cmd_done() on the saved local copy outside
  the lock.

- ublk_reset_ch_dev(): hold cancel_lock across ublk_queue_reinit()
  so that io->cmd and io->flags are cleared atomically with respect
  to ublk_cancel_cmd().

Fixes: 216c8f5ef0 ("ublk: replace monitor with cancelable uring_cmd")
Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Link: https://patch.msgid.link/20260508123746.242018-1-tom.leiming@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2026-05-08 06:44:42 -06:00
..
accel
Merge tag 'drm-next-2026-04-15' of https://gitlab.freedesktop.org/drm/kernel
2026-04-15 08:45:00 -07:00
accessibility
acpi
Merge tag 'acpi-7.1-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
2026-04-23 12:29:22 -07:00
amba
android
Merge tag 'char-misc-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2026-04-24 13:23:50 -07:00
ata
Merge tag 'ata-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux
2026-04-15 15:03:01 -07:00
atm
net: remove unused ATM protocols and legacy ATM device drivers
2026-04-23 12:21:14 -07:00
auxdisplay
base
Merge tag 'regmap-fix-v7.1-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap
2026-04-24 12:11:26 -07:00
bcma
block
ublk: fix use-after-free in ublk_cancel_cmd()
2026-05-08 06:44:42 -06:00
bluetooth
Bluetooth: hci_qca: Fix missing wakeup during SSR memdump handling
2026-04-13 09:19:42 -04:00
bus
Merge tag 'char-misc-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2026-04-24 13:23:50 -07:00
cache
cdrom
cdrom, scsi: sr: propagate read-only status to block layer via set_disk_ro()
2026-04-27 15:52:51 -06:00
cdx
char
Merge tag 'for-next-tpm-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd
2026-04-25 16:20:52 -07:00
clk
Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
2026-04-26 14:03:20 -07:00
clocksource
comedi
Merge tag 'char-misc-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2026-04-24 13:23:50 -07:00
connector
counter
Merge tag 'v7.0-rc7' into char-misc-next
2026-04-06 09:04:53 +02:00
cpufreq
Merge tag 'devicetree-for-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux
2026-04-17 14:09:02 -07:00
cpuidle
Merge tag 'powerpc-7.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
2026-04-14 17:10:15 -07:00
crypto
crypto: ccp - copy IV using skcipher ivsize
2026-04-16 17:37:03 +08:00
cxl
Merge tag 'cxl-for-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl
2026-04-17 15:52:58 -07:00
dax
Merge tag 'libnvdimm-for-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
2026-04-21 14:12:01 -07:00
dca
devfreq
PM / devfreq: tegra30-devfreq: add support for Tegra114
2026-04-04 03:15:39 +09:00
dibs
dio
dma
Merge tag 'dmaengine-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine
2026-04-17 10:29:01 -07:00
dma-buf
Merge tag 'drm-fixes-2026-04-24' of https://gitlab.freedesktop.org/drm/kernel
2026-04-24 11:44:52 -07:00
dpll
dpll: zl3073x: add ref-sync pair support
2026-04-12 08:27:34 -07:00
edac
Merge tag 'ras_core_for_v7.1_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2026-04-14 15:32:39 -07:00
eisa
extcon
firewire
firmware
Merge tag 'loongarch-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson
2026-04-24 09:54:45 -07:00
fpga
fsi
fwctl
fwctl: Fix class init ordering to avoid NULL pointer dereference on device removal
2026-04-10 11:21:06 -03:00
gnss
gpib
Merge tag 'v7.0-rc7' into char-misc-next
2026-04-06 09:04:53 +02:00
gpio
Merge tag 'gpio-fixes-for-v7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux
2026-04-24 11:59:46 -07:00
gpu
Merge tag 'drm-fixes-2026-04-24' of https://gitlab.freedesktop.org/drm/kernel
2026-04-24 11:44:52 -07:00
greybus
hid
Merge tag 'input-for-v7.1-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
2026-04-22 18:36:40 -07:00
hsi
HSI: omap_ssi_port: remove depends on ARM
2026-04-02 22:33:44 +02:00
hte
hte: tegra194: Add Tegra264 GTE support
2026-04-12 23:29:31 -07:00
hv
Merge tag 'drm-fixes-2026-04-24' of https://gitlab.freedesktop.org/drm/kernel
2026-04-24 11:44:52 -07:00
hwmon
Merge tag 'hwmon-for-v7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging
2026-04-15 14:37:32 -07:00
hwspinlock
hwspinlock: u8500: delete driver
2026-04-06 09:43:18 -05:00
hwtracing
Merge tag 'char-misc-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2026-04-24 13:23:50 -07:00
i2c
Merge tag 'i2c-host-7.1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/andi.shyti/linux into i2c/for-mergewindow
2026-04-20 00:03:38 +02:00
i3c
i3c: mipi-i3c-hci: fix IBI payload length calculation for final status
2026-04-12 22:06:02 +02:00
idle
iio
Merge tag 'char-misc-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2026-04-24 13:23:50 -07:00
infiniband
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2026-04-21 08:22:18 -07:00
input
Merge tag 'input-for-v7.1-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
2026-04-22 18:36:40 -07:00
interconnect
Merge tag 'icc-7.1-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/djakov/icc into char-misc-next
2026-04-07 10:06:50 +02:00
iommu
Merge tag 'dma-mapping-7.1-2026-04-16' of git://git.kernel.org/pub/scm/linux/kernel/git/mszyprowski/linux
2026-04-17 11:12:42 -07:00
ipack
irqchip
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
2026-04-17 07:18:03 -07:00
leds
leds: class: Make led_remove_lookup() NULL-aware
2026-04-09 13:49:19 +01:00
macintosh
mailbox
mcb
md
md: use ATTRIBUTE_GROUPS() for md default sysfs attributes
2026-04-28 20:44:38 +08:00
media
Merge tag 'rpmsg-v7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/remoteproc/linux
2026-04-17 14:18:55 -07:00
memory
Merge tag 'dma-mapping-7.1-2026-04-16' of git://git.kernel.org/pub/scm/linux/kernel/git/mszyprowski/linux
2026-04-17 11:12:42 -07:00
memstick
message
mfd
Merge tag 'mfd-next-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd
2026-04-20 11:31:01 -07:00
misc
Merge tag 'char-misc-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2026-04-24 13:23:50 -07:00
mmc
mmc: sdhci-msm: Fix the wrapped key handling
2026-04-10 10:29:58 +02:00
most
mtd
Merge tag 'mtd/for-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux
2026-04-17 17:57:04 -07:00
mux
Merge tag 'char-misc-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2026-04-24 13:23:50 -07:00
net
Merge tag 'net-deletions' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2026-04-24 09:41:58 -07:00
nfc
Merge tag 'gpio-updates-for-v7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux
2026-04-13 20:10:58 -07:00
ntb
Merge tag 'pci-v7.1-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci
2026-04-15 14:41:21 -07:00
nubus
nvdimm
Merge tag 'vfs-7.1-rc1.integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2026-04-13 10:40:26 -07:00
nvme
Merge tag 'nvme-7.1-2026-04-24' of git://git.infradead.org/nvme into block-7.1
2026-04-27 15:47:21 -06:00
nvmem
Merge tag 'v7.0-rc7' into char-misc-next
2026-04-06 09:04:53 +02:00
of
Merge tag 'memblock-v7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock
2026-04-18 11:29:14 -07:00
opp
parisc
parisc: led: fix reference leak on failed device registration
2026-04-17 15:46:46 +02:00
parport
pci
Merge tag 'loongarch-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson
2026-04-24 09:54:45 -07:00
pcmcia
Merge tag 'pcmcia-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/linux
2026-04-23 11:22:16 -07:00
peci
perf
Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
2026-04-14 16:48:56 -07:00
phy
Merge tag 'phy-for-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/phy/linux-phy
2026-04-17 10:22:08 -07:00
pinctrl
Merge tag 'pinctrl-v7.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
2026-04-18 16:59:09 -07:00
platform
Merge tag 'platform-drivers-x86-v7.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
2026-04-20 12:02:24 -07:00
pmdomain
pmdomain: qcom: rpmhpd: Add power domains for Hawi SoC
2026-04-08 12:01:37 +02:00
pnp
power
Merge tag 'usb-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
2026-04-19 08:47:40 -07:00
powercap
pps
ps3
ptp
pwm
Merge tag 'pwm/fixes-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ukleinek/linux
2026-04-23 08:37:07 -07:00
rapidio
ras
regulator
Merge tag 'regulator-fix-v7.1-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
2026-04-24 13:06:25 -07:00
remoteproc
Merge tag 'rpmsg-v7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/remoteproc/linux
2026-04-17 14:18:55 -07:00
resctrl
Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
2026-04-20 16:46:22 -07:00
reset
Merge tag 'soc-late-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
2026-04-23 08:57:24 -07:00
rpmsg
rpmsg: Constify buffer passed to send API
2026-04-06 09:37:51 -05:00
rtc
Merge tag 'rtc-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux
2026-04-25 16:39:03 -07:00
s390
Merge tag 's390-7.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
2026-04-22 11:13:45 -07:00
sbus
scsi
cdrom, scsi: sr: propagate read-only status to block layer via set_disk_ro()
2026-04-27 15:52:51 -06:00
sh
siox
slimbus
soc
Merge tag 'rpmsg-v7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/remoteproc/linux
2026-04-17 14:18:55 -07:00
soundwire
Merge tag 'soundwire-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire
2026-04-17 10:16:53 -07:00
spi
Merge tag 'spi-fix-v7.1-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
2026-04-24 13:16:36 -07:00
spmi
ssb
staging
Merge tag 'char-misc-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2026-04-24 13:23:50 -07:00
target
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2026-04-21 08:22:18 -07:00
tc
tee
Merge tag 'soc-drivers-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
2026-04-16 20:34:34 -07:00
thermal
Merge tag 'bitmap-for-v7.1' of https://github.com/norov/linux
2026-04-14 08:55:18 -07:00
thunderbolt
Merge tag 'thunderbolt-for-v7.1-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/westeri/thunderbolt into usb-next
2026-04-10 13:10:28 +02:00
tty
Merge tag 'tty-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
2026-04-19 08:44:41 -07:00
ufs
scsi: ufs: core: Disable timestamp for Kioxia THGJFJT0E25BAIP
2026-04-08 22:27:16 -04:00
uio
uio: replace deprecated mmap hook with mmap_prepare in uio_info
2026-04-05 13:53:44 -07:00
usb
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2026-04-21 08:22:18 -07:00
vdpa
vdpa: use generic driver_override infrastructure
2026-04-04 00:47:50 +02:00
vfio
vfio/cdx: Consolidate MSI configured state onto cdx_irqs
2026-04-21 12:01:22 -06:00
vhost
Merge tag 'net-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2026-04-23 16:50:42 -07:00
video
fbdev: hgafb: Request memory region before ioremap
2026-04-22 17:02:55 +02:00
virt
Merge tag 'tsm-for-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/devsec/tsm
2026-04-26 09:51:29 -07:00
virtio
Merge tag 'mm-stable-2026-04-13-21-45' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-04-15 12:59:16 -07:00
w1
w1: ds2490: drop redundant device reference
2026-04-03 10:55:12 +02:00
watchdog
watchdog: ni903x_wdt: Convert to a platform driver
2026-04-07 21:06:59 +02:00
xen
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2026-04-21 08:22:18 -07:00
zorro
Kconfig
net: remove ISDN subsystem and Bluetooth CMTP
2026-04-23 10:24:02 -07:00
Makefile
net: remove ISDN subsystem and Bluetooth CMTP
2026-04-23 10:24:02 -07:00