This is a note to let you know that I've just added the patch titled
bcache: fix cache_set_flush() NULL pointer dereference on OOM
to the 3.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
bcache-fix-cache_set_flush-null-pointer-dereference-on-oom.patch
and it can be found in the queue-3.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From f8b11260a445169989d01df75d35af0f56178f95 Mon Sep 17 00:00:00 2001
From: Eric Wheeler <git@xxxxxxxxxxxxxxxxxx>
Date: Mon, 7 Mar 2016 15:17:50 -0800
Subject: bcache: fix cache_set_flush() NULL pointer dereference on OOM
From: Eric Wheeler <git@xxxxxxxxxxxxxxxxxx>
commit f8b11260a445169989d01df75d35af0f56178f95 upstream.
When bch_cache_set_alloc() fails to kzalloc the cache_set, the
asyncronous closure handling tries to dereference a cache_set that
hadn't yet been allocated inside of cache_set_flush() which is called
by __cache_set_unregister() during cleanup. This appears to happen only
during an OOM condition on bcache_register.
Signed-off-by: Eric Wheeler <bcache@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/md/bcache/super.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/md/bcache/super.c
+++ b/drivers/md/bcache/super.c
@@ -1388,6 +1388,9 @@ static void cache_set_flush(struct closu
struct btree *b;
unsigned i;
+ if (!c)
+ closure_return(cl);
+
bch_cache_accounting_destroy(&c->accounting);
kobject_put(&c->internal);
Patches currently in stable-queue which might be from git@xxxxxxxxxxxxxxxxxx are
queue-3.14/bcache-fix-cache_set_flush-null-pointer-dereference-on-oom.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html