The patch titled
block: fix queue_lock NULL pointer derefence in blk_throtl_exit()
has been removed from the -mm tree. Its filename was
block-fix-queue_lock-null-pointer-derefence-in-blk_throtl_exit-v4.patch

This patch was dropped because it is obsolete

The current -mm tree may be found at
http://userweb.kernel.org/~akpm/mmotm/

------------------------------------------------------
Subject: block: fix queue_lock NULL pointer derefence in blk_throtl_exit()
From: Sergey Senozhatsky <sergey.senozhatsky@xxxxxxxxx>

BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
IP: [<ffffffff812479d4>] do_raw_spin_lock+0x14/0x122
Process modprobe (pid: 6189, threadinfo ffff88009a898000, task ffff880154a88000)
Call Trace:
 [<ffffffff81486788>] _raw_spin_lock_irq+0x4a/0x51
 [<ffffffff8123404b>] ? blk_throtl_exit+0x3b/0xa0
 [<ffffffff8105b120>] ? cancel_delayed_work_sync+0xd/0xf
 [<ffffffff8123404b>] blk_throtl_exit+0x3b/0xa0
 [<ffffffff81229bc8>] blk_release_queue+0x21/0x65
 [<ffffffff8123bb06>] kobject_release+0x51/0x66
 [<ffffffff8123bab5>] ? kobject_release+0x0/0x66
 [<ffffffff8123ce1e>] kref_put+0x43/0x4d
 [<ffffffff8123ba27>] kobject_put+0x47/0x4b
 [<ffffffff8122717c>] blk_cleanup_queue+0x56/0x5b
 [<ffffffffa01c3824>] loop_exit+0x68/0x844 [loop]
 [<ffffffff8107cccc>] sys_delete_module+0x1e8/0x25b
 [<ffffffff814864c9>] ? trace_hardirqs_on_thunk+0x3a/0x3f
 [<ffffffff81002112>] system_call_fastpath+0x16/0x1b

because of an attempt to acquire NULL queue_lock.

Added the same lines as in blk_queue_make_request: 'fall back to embedded per-queue lock' - when call blk_release_queue on allocated but never initialized queue.

Cc: Vivek Goyal <vgoyal@xxxxxxxxxx>
Cc: Jens Axboe <jaxboe@xxxxxxxxxxxx>
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@xxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- block/blk-sysfs.c | 6 ++++++ drivers/block/loop.c | 3 --- 2 files changed, 6 insertions(+), 3 deletions(-) diff -puN block/blk-sysfs.c~block-fix-queue_lock-null-pointer-derefence-in-blk_throtl_exit-v4 block/blk-sysfs.c --- a/block/blk-sysfs.c~block-fix-queue_lock-null-pointer-derefence-in-blk_throtl_exit-v4 +++ a/block/blk-sysfs.c @@ -471,6 +471,12 @@ static void blk_release_queue(struct kob blk_sync_queue(q); + /* It's possible that blk_release_queue will be called on allocated + * but never initialized queue. Fall back to our embedded per-queue + * locks in this case. */ + if (!q->queue_lock) + q->queue_lock = &q->__queue_lock; + blk_throtl_exit(q); if (rl->rq_pool) diff -puN drivers/block/loop.c~block-fix-queue_lock-null-pointer-derefence-in-blk_throtl_exit-v4 drivers/block/loop.c --- a/drivers/block/loop.c~block-fix-queue_lock-null-pointer-derefence-in-blk_throtl_exit-v4 +++ a/drivers/block/loop.c @@ -1641,9 +1641,6 @@ out: static void loop_free(struct loop_device *lo) { - if (!lo->lo_queue->queue_lock) - lo->lo_queue->queue_lock = &lo->lo_queue->__queue_lock; - blk_cleanup_queue(lo->lo_queue); put_disk(lo->lo_disk); list_del(&lo->lo_list); _ Patches currently in -mm which might be from sergey.senozhatsky@xxxxxxxxx are mm-grab-rcu-read-lock-in-move_pages.patch
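
Review bot: In the block/blk-sysfs.c hunk, the NULL check on q->queue_lock sits after blk_sync_queue(q), so the fallback only covers blk_throtl_exit(q) and the code below it; unless that ordering is deliberate, move the check to the top of blk_release_queue() so every step of the release path sees a valid lock. The changelog says the same fallback already exists in blk_queue_make_request, which leaves two copies of it; assigning q->queue_lock = &q->__queue_lock once, where the queue is allocated, would make a NULL queue_lock impossible instead of patching it at teardown. Style: the added comment should open with /* on its own line and close with */ on its own line, as kernel multi-line comments normally do.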
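
Review bot: In the drivers/block/loop.c hunk, dropping the queue_lock fallback from loop_free() means blk_cleanup_queue(lo->lo_queue) is now entered with queue_lock still NULL for a never-initialized queue, and the lock is assigned only later in blk_release_queue() (the trace shows blk_cleanup_queue reaching it through kobject_put). Please confirm that nothing in blk_cleanup_queue() touches q->queue_lock before that final put, or keep the check in loop_free() until that is verified. The changelog describes only the addition; it should also state that the loop.c workaround is removed because the block core now handles the case.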