mirror-linux/drivers/md
Mikulas Patocka dbf1a71985 dm: fix a race condition in retrieve_deps
[ Upstream commit f6007dce0c ]

There's a race condition in the multipath target when retrieve_deps
races with multipath_message calling dm_get_device and dm_put_device.
retrieve_deps walks the list of open devices without holding any lock
but multipath may add or remove devices to the list while it is
running. The end result may be memory corruption or use-after-free
memory access.

See this description of a UAF with multipath_message():
https://listman.redhat.com/archives/dm-devel/2022-October/052373.html

Fix this bug by introducing a new rw semaphore "devices_lock". We grab
devices_lock for read in retrieve_deps and we grab it for write in
dm_get_device and dm_put_device.

Reported-by: Luo Meng <luomeng12@huawei.com>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org
Tested-by: Li Lingfeng <lilingfeng3@huawei.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-10-06 14:56:32 +02:00
bcache bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent 2023-07-19 16:22:10 +02:00
persistent-data dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
Kconfig md: select BLOCK_LEGACY_AUTOLOAD 2023-03-22 13:33:58 +01:00
Makefile hardening updates for v5.20-rc1 2022-08-02 14:38:59 -07:00
dm-audit.c
dm-audit.h
dm-bio-prison-v1.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-bio-prison-v1.h
dm-bio-prison-v2.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-bio-prison-v2.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-bio-record.h
dm-bufio.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-builtin.c
dm-cache-background-tracker.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-cache-background-tracker.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-cache-block-types.h
dm-cache-metadata.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-cache-metadata.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-cache-policy-internal.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-cache-policy-smq.c dm cache policy smq: ensure IO doesn't prevent cleaner policy progress 2023-08-03 10:24:17 +02:00
dm-cache-policy.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-cache-policy.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-cache-target.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-clone-metadata.c
dm-clone-metadata.h
dm-clone-target.c dm clone: call kmem_cache_destroy() in dm_clone_init() error path 2023-05-11 23:03:41 +09:00
dm-core.h dm: fix a race condition in retrieve_deps 2023-10-06 14:56:32 +02:00
dm-crypt.c dm: avoid split of quoted strings where possible 2023-07-19 16:22:07 +02:00
dm-delay.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-dust.c
dm-ebs-target.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-era-target.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-exception-store.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-exception-store.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-flakey.c dm flakey: fix a crash with invalid table line 2023-05-11 23:03:41 +09:00
dm-ima.c dm table: audit all dm_table_get_target() callers 2022-07-07 11:49:34 -04:00
dm-ima.h
dm-init.c dm init: add dm-mod.waitfor to wait for asynchronously probed block devices 2023-07-23 13:49:38 +02:00
dm-integrity.c dm integrity: reduce vmalloc space footprint on 32-bit architectures 2023-07-23 13:49:35 +02:00
dm-io-rewind.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-io-tracker.h
dm-io.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-ioctl.c dm: fix a race condition in retrieve_deps 2023-10-06 14:56:32 +02:00
dm-kcopyd.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-linear.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-log-userspace-base.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-log-userspace-transfer.c dm: avoid split of quoted strings where possible 2023-07-19 16:22:07 +02:00
dm-log-userspace-transfer.h
dm-log-writes.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-log.c dm: avoid split of quoted strings where possible 2023-07-19 16:22:07 +02:00
dm-mpath.c dm: fix undue/missing spaces 2023-07-19 16:22:07 +02:00
dm-mpath.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-path-selector.c
dm-path-selector.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-ps-historical-service-time.c dm mpath: provide high-resolution timer to HST for bio-based 2022-05-09 15:39:23 -04:00
dm-ps-io-affinity.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-ps-queue-length.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-ps-round-robin.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-ps-service-time.c dm: fix undue/missing spaces 2023-07-19 16:22:07 +02:00
dm-raid.c dm raid: protect md_stop() with 'reconfig_mutex' 2023-08-03 10:24:05 +02:00
dm-raid1.c dm: avoid split of quoted strings where possible 2023-07-19 16:22:07 +02:00
dm-region-hash.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-rq.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-rq.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-snap-persistent.c dm: avoid split of quoted strings where possible 2023-07-19 16:22:07 +02:00
dm-snap-transient.c dm: avoid split of quoted strings where possible 2023-07-19 16:22:07 +02:00
dm-snap.c dm: avoid split of quoted strings where possible 2023-07-19 16:22:07 +02:00
dm-stats.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-stats.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-stripe.c dm: avoid split of quoted strings where possible 2023-07-19 16:22:07 +02:00
dm-switch.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-sysfs.c dm sysfs: use default_groups in kobj_type 2022-01-06 09:48:55 -05:00
dm-table.c dm: fix a race condition in retrieve_deps 2023-10-06 14:56:32 +02:00
dm-target.c dax: introduce DAX_RECOVERY_WRITE dax access mode 2022-05-16 13:35:56 -07:00
dm-thin-metadata.c dm: avoid split of quoted strings where possible 2023-07-19 16:22:07 +02:00
dm-thin-metadata.h dm thin metadata: remove unused dm_thin_remove_block and __remove 2022-02-22 13:55:50 -05:00
dm-thin.c dm thin: fix issue_discard to pass GFP_NOIO to __blkdev_issue_discard 2023-06-21 16:00:55 +02:00
dm-uevent.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-uevent.h dm: fix undue/missing spaces 2023-07-19 16:22:07 +02:00
dm-unstripe.c
dm-verity-fec.c dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-verity-fec.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-verity-loadpin.c dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter 2023-07-23 13:49:43 +02:00
dm-verity-target.c dm verity: fix error handling for check_at_most_once on FEC 2023-05-11 23:03:41 +09:00
dm-verity-verify-sig.c
dm-verity-verify-sig.h
dm-verity.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
dm-writecache.c dm: fix undue/missing spaces 2023-07-19 16:22:07 +02:00
dm-zero.c
dm-zone.c - Refactor DM core's mempool allocation so that it clearer by not 2022-08-02 14:21:25 -07:00
dm-zoned-metadata.c dm: avoid split of quoted strings where possible 2023-07-19 16:22:07 +02:00
dm-zoned-reclaim.c
dm-zoned-target.c dm-zoned: cleanup dmz_fixup_devices 2022-07-06 06:46:26 -06:00
dm-zoned.h dm/dm-zoned: Use the enum req_op type 2022-07-14 12:14:31 -06:00
dm.c dm: don't attempt to queue IO under RCU protection 2023-09-23 11:11:10 +02:00
dm.h dm: change "unsigned" to "unsigned int" 2023-04-13 16:55:17 +02:00
md-autodetect.c md: return the allocated devices from md_alloc 2022-08-02 17:22:46 -06:00
md-bitmap.c md/md-bitmap: hold 'reconfig_mutex' in backlog_store() 2023-09-13 09:42:41 +02:00
md-bitmap.h md/raid1-10: submit write io directly if bitmap is not enabled 2023-07-19 16:20:58 +02:00
md-cluster.c fs: dlm: remove DLM_LSFL_FS from uapi 2022-08-23 14:54:54 -05:00
md-cluster.h
md-faulty.c block: pass a block_device to bio_clone_fast 2022-02-04 07:43:18 -07:00
md-linear.c md: add error_handlers for raid0 and linear 2023-09-13 09:42:44 +02:00
md-linear.h
md-multipath.c md: remove most calls to bdevname 2022-05-22 23:07:21 -07:00
md-multipath.h
md.c md: Put the right device in md_seq_next 2023-09-23 11:11:10 +02:00
md.h md: add error_handlers for raid0 and linear 2023-09-13 09:42:44 +02:00
raid0.c md: raid0: account for split bio in iostat accounting 2023-09-13 09:42:44 +02:00
raid0.h md/raid0: add discard support for the 'original' layout 2023-07-23 13:49:37 +02:00
raid1-10.c md/raid1-10: fix casting from randomized structure in raid1_submit_write() 2023-07-19 16:21:45 +02:00
raid1.c md/raid1: fix error: ISO C90 forbids mixed declarations 2023-09-23 11:11:09 +02:00
raid1.h md: raid1/raid10: drop pending_cnt 2022-03-08 15:16:54 -08:00
raid5-cache.c md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid() 2023-09-13 09:42:44 +02:00
raid5-log.h md/raid5-ppl: Drop unused argument from ppl_handle_flush_request() 2022-08-02 17:14:31 -06:00
raid5-ppl.c md/raid5-ppl: Drop unused argument from ppl_handle_flush_request() 2022-08-02 17:14:31 -06:00
raid5.c md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk() 2023-06-09 10:34:20 +02:00
raid5.h md/raid5: Cleanup prototype of raid5_get_active_stripe() 2022-09-22 00:05:04 -07:00
raid10.c md/raid10: use dereference_rdev_and_rrdev() to get devices 2023-09-13 09:42:41 +02:00
raid10.h md/raid10: convert resync_lock to use seqlock 2022-09-22 00:05:05 -07:00