linux/block
Jens Axboe 7ad58c0286 block: fix use-after-free bug in blk throttle code
blk_throtl_exit() frees the throttle data hanging off the queue
in blk_cleanup_queue(), but blk_put_queue() will indirectly
dereference this data when calling blk_sync_queue() which in
turns calls throtl_shutdown_timer_wq().

Fix this by moving the freeing of the throttle data to when
the queue is truly being released, and post the call to
blk_sync_queue().

Reported-by: Ingo Molnar <mingo@elte.hu>
Tested-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
2010-10-23 20:40:26 +02:00
..
blk-cgroup.c Merge branch 'for-2.6.37/core' of git://git.kernel.dk/linux-2.6-block 2010-10-22 17:00:32 -07:00
blk-cgroup.h blkio-throttle: limit max iops value to UINT_MAX 2010-10-01 21:16:41 +02:00
blk-core.c block: fix use-after-free bug in blk throttle code 2010-10-23 20:40:26 +02:00
blk-exec.c block: Prevent hang_check firing during long I/O 2010-09-24 15:52:09 +02:00
blk-flush.c block: remove BLKDEV_IFL_WAIT 2010-09-16 20:52:58 +02:00
blk-integrity.c block: Fix double free in blk_integrity_unregister 2010-10-15 15:49:18 +02:00
blk-ioc.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
blk-iopoll.c tree-wide: fix assorted typos all over the place 2009-12-04 15:39:55 +01:00
blk-lib.c block: remove BLKDEV_IFL_WAIT 2010-09-16 20:52:58 +02:00
blk-map.c Merge branch 'for-2.6.37/core' of git://git.kernel.dk/linux-2.6-block 2010-10-22 17:00:32 -07:00
blk-merge.c Merge branch 'for-2.6.37/core' of git://git.kernel.dk/linux-2.6-block 2010-10-22 17:00:32 -07:00
blk-settings.c Merge branch 'for-2.6.37/barrier' of git://git.kernel.dk/linux-2.6-block 2010-10-22 17:07:18 -07:00
blk-softirq.c generic-ipi: remove CSD_FLAG_WAIT 2009-02-25 14:13:44 +01:00
blk-sysfs.c block: fix use-after-free bug in blk throttle code 2010-10-23 20:40:26 +02:00
blk-tag.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
blk-throttle.c blkio-throttle: Fix possible multiplication overflow in iops calculations 2010-10-01 21:16:42 +02:00
blk-timeout.c block: ensure jiffies wrap is handled correctly in blk_rq_timed_out_timer 2010-04-21 17:42:08 +02:00
blk.h Merge branch 'for-2.6.37/barrier' of git://git.kernel.dk/linux-2.6-block 2010-10-22 17:07:18 -07:00
bsg.c Merge branch 'llseek' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/bkl 2010-10-22 10:52:56 -07:00
cfq-iosched.c Merge branch 'for-2.6.37/core' of git://git.kernel.dk/linux-2.6-block 2010-10-22 17:00:32 -07:00
cfq.h blk-cgroup: Prepare the base for supporting more than one IO control policies 2010-09-16 08:42:04 +02:00
compat_ioctl.c block: add secure discard 2010-08-12 08:43:30 -07:00
deadline-iosched.c block: convert to pos and nr_sectors accessors 2009-05-11 09:50:54 +02:00
elevator.c Merge branch 'v2.6.36-rc8' into for-2.6.37/barrier 2010-10-19 09:13:04 +02:00
genhd.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6 2010-10-22 19:36:42 -07:00
ioctl.c Merge branch 'for-2.6.37/barrier' of git://git.kernel.dk/linux-2.6-block 2010-10-22 17:07:18 -07:00
Kconfig blkio: Core implementation of throttle policy 2010-09-16 08:42:52 +02:00
Kconfig.iosched blk-cgroup: config options re-arrangement 2010-04-26 19:27:56 +02:00
Makefile Merge branch 'for-2.6.37/barrier' of git://git.kernel.dk/linux-2.6-block 2010-10-22 17:07:18 -07:00
noop-iosched.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
scsi_ioctl.c block/scsi_ioctl.c: quiet sparse noise 2009-11-04 09:10:33 +01:00