linux/drivers/block
Mike Krinkin 21974061cf null_blk: fix use-after-free problem
end_cmd finishes request associated with nullb_cmd struct, so we
should save pointer to request_queue in a local variable before
calling end_cmd.

The problem was causes general protection fault with slab poisoning
enabled.

Fixes: 8b70f45e2e ("null_blk: restart request processing on completion handler")
Tested-by: Akinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: Mike Krinkin <krinkin.m.u@gmail.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
2015-07-22 13:30:20 -06:00
..
aoe block: remove artifical max_hw_sectors cap 2014-10-21 14:02:54 -06:00
drbd Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-07-04 19:36:06 -07:00
mtip32xx mtip32xx: Fix accessing freed memory 2015-06-24 08:48:46 -06:00
paride Char/Misc driver patches for 4.2-rc1 2015-06-26 14:51:15 -07:00
rsxx block/rsxx: use generic io stats accounting functions to simplify io stat accounting 2014-11-24 08:05:18 -07:00
xen-blkback xen: features and cleanups for 4.2-rc0 2015-07-01 11:53:46 -07:00
zram zram: check comp algorithm availability earlier 2015-06-25 17:00:37 -07:00
amiflop.c block: drop owner assignment from platform_drivers 2014-10-20 16:20:18 +02:00
ataflop.c Merge branch 'for-3.16/core' of git://git.kernel.dk/linux-block into next 2014-06-02 09:29:34 -07:00
brd.c brd: rename XIP to DAX 2015-02-16 17:56:04 -08:00
cciss_cmd.h
cciss_scsi.c scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
cciss_scsi.h
cciss.c cciss: correct the non-resettable board list 2015-05-31 11:14:34 -07:00
cciss.h
cpqarray.c genirq: Remove the deprecated 'IRQF_DISABLED' request_irq() flag entirely 2015-03-05 20:53:06 +01:00
cpqarray.h
cryptoloop.c move linux/loop.h to drivers/block 2013-06-29 12:46:45 +04:00
DAC960.c block: use pci_zalloc_consistent 2014-08-08 15:57:28 -07:00
DAC960.h
floppy.c floppy: Avoid manual call of device_create_file() 2015-02-03 13:00:36 +01:00
hd.c block: hd: remove deprecated IRQF_DISABLED 2014-10-01 08:16:07 -06:00
ida_cmd.h
ida_ioctl.h
Kconfig libnvdimm, pmem: move pmem to drivers/nvdimm/ 2015-06-24 21:24:10 -04:00
loop.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-07-04 19:36:06 -07:00
loop.h block: loop: don't hold lo_ctl_mutex in lo_open 2015-05-20 09:06:09 -06:00
Makefile libnvdimm, pmem: move pmem to drivers/nvdimm/ 2015-06-24 21:24:10 -04:00
mg_disk.c block: drop owner assignment from platform_drivers 2014-10-20 16:20:18 +02:00
nbd.c block: nbd: convert to blkdev_reread_part() 2015-05-20 09:06:13 -06:00
null_blk.c null_blk: fix use-after-free problem 2015-07-22 13:30:20 -06:00
nvme-core.c NVMe: Reread partitions on metadata formats 2015-07-15 15:36:47 -06:00
nvme-scsi.c Merge branch 'for-4.2/drivers' of git://git.kernel.dk/linux-block 2015-06-25 15:12:50 -07:00
osdblk.c block: support different tag allocation policy 2015-01-23 14:15:46 -07:00
pktcdvd.c writeback: separate out include/linux/backing-dev-defs.h 2015-06-02 08:33:34 -06:00
ps3disk.c block: Kill bio_segments()/bi_vcnt usage 2013-11-23 22:33:51 -08:00
ps3vram.c block/ps3vram: Remove obsolete reference to MTD 2015-06-10 14:06:55 -06:00
rbd_types.h
rbd.c rbd: use GFP_NOIO in rbd_obj_request_create() 2015-07-01 00:46:46 +03:00
skd_main.c block: disable entropy contributions for nonrot devices 2014-10-04 10:55:32 -06:00
skd_s1120.h skd: fix formatting in skd_s1120.h 2013-11-08 09:10:30 -07:00
smart1,2.h
sunvdc.c sunvdc: reconnect ldc after vds service domain restarts 2014-12-11 18:52:45 -08:00
swim3.c powerpc: Move Power Macintosh drivers to generic byteswappers 2015-03-23 14:29:40 +11:00
swim_asm.S
swim.c block: drop owner assignment from platform_drivers 2014-10-20 16:20:18 +02:00
sx8.c block: rename REQ_TYPE_SPECIAL to REQ_TYPE_DRV_PRIV 2015-05-05 13:40:03 -06:00
umem.c block: Convert drivers to immutable biovecs 2013-11-23 22:33:51 -08:00
umem.h
virtio_blk.c block: rename REQ_TYPE_SPECIAL to REQ_TYPE_DRV_PRIV 2015-05-05 13:40:03 -06:00
xen-blkfront.c xen: features and cleanups for 4.2-rc0 2015-07-01 11:53:46 -07:00
xsysace.c block: systemace: Remove .owner field for driver 2014-08-21 20:37:54 -05:00
z2ram.c block: remove struct request buffer member 2014-04-15 14:03:02 -06:00