From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Hou Tao <houtao1@huawei.com>,
	Mike Snitzer <snitzer@redhat.com>
Subject: [PATCH 5.4 109/122] dm btree remove: assign new_root only when removal succeeds
Date: Thu, 15 Jul 2021 20:39:16 +0200
Message-ID: <20210715182520.673081149@linuxfoundation.org>
In-Reply-To: <20210715182448.393443551@linuxfoundation.org>

From: Hou Tao <houtao1@huawei.com>

commit b6e58b5466b2959f83034bead2e2e1395cca8aeb upstream.

remove_raw() in dm_btree_remove() may fail due to an IO read error
(e.g. reading the content of the origin block fails during shadowing),
and the value of shadow_spine::root is uninitialized, but
the uninitialized value is still assigned to new_root at the
end of dm_btree_remove().

For dm-thin, the value of pmd->details_root or pmd->root will become
an uninitialized value, so if trying to read the details_info tree again,
out-of-bound memory access may occur as shown below:

  general protection fault, probably for non-canonical address 0x3fdcb14c8d7520
  CPU: 4 PID: 515 Comm: dmsetup Not tainted 5.13.0-rc6
  Hardware name: QEMU Standard PC
  RIP: 0010:metadata_ll_load_ie+0x14/0x30
  Call Trace:
   sm_metadata_count_is_more_than_one+0xb9/0xe0
   dm_tm_shadow_block+0x52/0x1c0
   shadow_step+0x59/0xf0
   remove_raw+0xb2/0x170
   dm_btree_remove+0xf4/0x1c0
   dm_pool_delete_thin_device+0xc3/0x140
   pool_message+0x218/0x2b0
   target_message+0x251/0x290
   ctl_ioctl+0x1c4/0x4d0
   dm_ctl_ioctl+0xe/0x20
   __x64_sys_ioctl+0x7b/0xb0
   do_syscall_64+0x40/0xb0
   entry_SYSCALL_64_after_hwframe+0x44/0xae

Fix it by only assigning new_root when removal succeeds.

Signed-off-by: Hou Tao <houtao1@huawei.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/md/persistent-data/dm-btree-remove.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/md/persistent-data/dm-btree-remove.c
+++ b/drivers/md/persistent-data/dm-btree-remove.c
@@ -549,7 +549,8 @@ int dm_btree_remove(struct dm_btree_info
 		delete_at(n, index);
 	}
 
-	*new_root = shadow_root(&spine);
+	if (!r)
+		*new_root = shadow_root(&spine);
 	exit_shadow_spine(&spine);
 
 	return r;
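
Review bot: At the `if (!r)` guard in front of `*new_root = shadow_root(&spine);`, the function now leaves `*new_root` untouched on failure, and nothing in the hunk documents that contract. A short comment saying that `*new_root` is only written when the return value is 0 would help callers that pass the address of their live root (the commit message cites pmd->details_root and pmd->root for dm-thin), since they now depend on the old root being preserved on error. The commit message also says shadow_spine::root itself starts out uninitialized; giving it a defined value when the spine is set up would make any future unguarded shadow_root() read deterministic instead of relying on each call site repeating this check.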


