linux/drivers
Guoqing Jiang eb81b32826 raid10: check bio in r10buf_pool_free to void NULL pointer dereference
For recovery case, r10buf_pool_alloc only allocates 2 bios,
so we can't access more than 2 bios in r10buf_pool_free.
Otherwise, we can see NULL pointer dereference as follows:

[   98.347009] BUG: unable to handle kernel NULL pointer dereference
at 0000000000000050
[   98.355783] IP: r10buf_pool_free+0x38/0xe0 [raid10]
[...]
[   98.543734] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   98.550161] CR2: 0000000000000050 CR3: 000000089500a001 CR4: 00000000001606f0
[   98.558145] Call Trace:
[   98.560881]  <IRQ>
[   98.563136]  put_buf+0x19/0x20 [raid10]
[   98.567426]  end_sync_request+0x6b/0x70 [raid10]
[   98.572591]  end_sync_write+0x9b/0x160 [raid10]
[   98.577662]  blk_update_request+0x78/0x2c0
[   98.582254]  scsi_end_request+0x2c/0x1e0 [scsi_mod]
[   98.587719]  scsi_io_completion+0x22f/0x610 [scsi_mod]
[   98.593472]  blk_done_softirq+0x8e/0xc0
[   98.597767]  __do_softirq+0xde/0x2b3
[   98.601770]  irq_exit+0xae/0xb0
[   98.605285]  do_IRQ+0x81/0xd0
[   98.608606]  common_interrupt+0x7d/0x7d
[   98.612898]  </IRQ>

So we need to check the bio is valid or not before the bio is
used in r10buf_pool_free. Another workable way is to free 2 bios
for recovery case just like r10buf_pool_alloc.

Fixes: f025061836 ("md: raid10: don't use bio's vec table to manage resync pages")
Reported-by: Alexis Castilla <pencerval@gmail.com>
Tested-by: Alexis Castilla <pencerval@gmail.com>
Signed-off-by: Guoqing Jiang <gqjiang@suse.com>
Signed-off-by: Shaohua Li <shli@fb.com>
2018-05-01 09:47:50 -07:00
..
accessibility
acpi xen: fixes for 4.17-rc1 2018-04-12 11:04:35 -07:00
amba
android
ata Merge branch 'for-4.17' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata 2018-04-03 17:42:25 -07:00
atm atm: iphase: fix spelling mistake: "Tansmit" -> "Transmit" 2018-04-19 13:41:49 -04:00
auxdisplay
base mm: check __highest_present_section_nr directly in memory_dev_init() 2018-04-11 10:28:31 -07:00
bcma
block rbd: notrim map option 2018-04-16 09:38:40 +02:00
bluetooth Bluetooth: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for BTUSB_QCA_ROME 2018-04-01 21:43:02 +03:00
bus pci-v4.17-changes 2018-04-06 18:31:06 -07:00
cdrom
char RTC for 4.17 2018-04-10 10:22:27 -07:00
clk The large diff this time around is from the addition of a new clk driver 2018-04-13 15:51:06 -07:00
clocksource Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-04-16 12:44:03 -07:00
connector
cpufreq cpufreq: Drop cpufreq_table_validate_and_show() 2018-04-10 08:40:45 +02:00
cpuidle cpuidle: menu: Avoid selecting shallow states with stopped tick 2018-04-09 11:54:57 +02:00
crypto .gitignore: move *-asn1.[ch] patterns to the top-level .gitignore 2018-04-07 19:04:02 +09:00
dax libnvdimm for 4.17 2018-04-10 10:25:57 -07:00
dca
devfreq
dio
dma DMAengine updates for v4.17-rc1 2018-04-10 12:14:37 -07:00
dma-buf
edac * Add NVDIMM support to EDAC (Tony Luck) 2018-04-05 14:21:13 -07:00
eisa
extcon Char/Misc patches for 4.17-rc1 2018-04-04 20:07:20 -07:00
firewire
firmware Merge branch 'dmi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2018-04-13 16:32:16 -07:00
fmc treewide: Fix typos in printk 2018-03-27 09:51:22 +02:00
fpga
fsi
gpio DeviceTree updates for 4.17: 2018-04-05 21:03:42 -07:00
gpu amdgpu, omap and snd regression fix 2018-04-12 20:56:10 -07:00
hid HID: i2c-hid: fix inverted return value from i2c_hid_command() 2018-04-19 09:25:15 +02:00
hsi
hv ARM: 2018-04-09 11:42:31 -07:00
hwmon hwmon updates for v4.17 2018-04-09 19:59:54 -07:00
hwspinlock
hwtracing Char/Misc patches for 4.17-rc1 2018-04-04 20:07:20 -07:00
i2c i2c: add param sanity check to i2c_transfer() 2018-04-11 23:33:46 +02:00
ide for-4.17/block-20180402 2018-04-05 14:27:02 -07:00
idle
iio This is the bulk of GPIO changes for the v4.17 kernel cycle: 2018-04-05 09:51:41 -07:00
infiniband Merge candidates for 4.17 merge window 2018-04-06 17:35:43 -07:00
input Changes to chrome-platform for v4.17 2018-04-13 16:20:36 -07:00
iommu IOMMU Updates for Linux v4.17 2018-04-11 18:50:41 -07:00
ipack
irqchip IOMMU Updates for Linux v4.17 2018-04-11 18:50:41 -07:00
isdn mISDN: Remove VLAs 2018-04-12 21:46:10 -04:00
leds
lightnvm lightnvm: pblk: remove some unnecessary NULL checks 2018-03-29 17:29:09 -06:00
macintosh powerpc updates for 4.17 2018-04-07 12:08:19 -07:00
mailbox
mcb
md raid10: check bio in r10buf_pool_free to void NULL pointer dereference 2018-05-01 09:47:50 -07:00
media remoteproc updates for v4.17 2018-04-10 12:09:27 -07:00
memory
memstick
message
mfd platform/chrome: mfd/cros_ec_dev: Add sysfs entry to set keyboard wake lid angle 2018-04-10 22:25:07 -07:00
misc * Fix 2032 time access issues and new compiler warnings 2018-04-12 10:21:19 -07:00
mmc MMC host: 2018-04-20 10:41:31 -07:00
mtd This pull request contains updates for both UBI and UBIFS: 2018-04-11 16:39:34 -07:00
mux
net bnxt_en: Fix memory fault in bnxt_ethtool_init() 2018-04-19 16:35:09 -04:00
nfc
ntb
nubus
nvdimm libnvdimm for 4.17 2018-04-10 10:25:57 -07:00
nvme nvme: expand nvmf_check_if_ready checks 2018-04-12 09:58:27 -06:00
nvmem Char/Misc patches for 4.17-rc1 2018-04-04 20:07:20 -07:00
of Kbuild updates for v4.17 (2nd) 2018-04-15 17:21:30 -07:00
opp
oprofile oprofilefs: don't oops on allocation failure 2018-03-29 15:07:48 -04:00
parisc parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode 2018-03-27 18:52:22 +02:00
parport Char/Misc patches for 4.17-rc1 2018-04-04 20:07:20 -07:00
pci PCI: Remove messages about reassigning resources 2018-04-11 08:46:50 -05:00
pcmcia Merge branch 'for-linus-sa1100' of git://git.armlinux.org.uk/~rmk/linux-arm 2018-04-09 09:26:36 -07:00
perf ARM: SoC driver updates for 4.17 2018-04-05 21:29:35 -07:00
phy ARM: SoC platform updates for 4.17 2018-04-05 21:21:08 -07:00
pinctrl This is the bulk of GPIO changes for the v4.17 kernel cycle: 2018-04-05 09:51:41 -07:00
platform Changes to chrome-platform for v4.17 2018-04-13 16:20:36 -07:00
pnp
power ARM: SoC platform updates for 4.17 2018-04-05 21:21:08 -07:00
powercap
pps
ps3
ptp
pwm pwm: Changes for v4.17-rc1 2018-04-13 15:46:21 -07:00
rapidio rapidio: use a reference count for struct mport_dma_req 2018-04-11 10:28:37 -07:00
ras
regulator Merge remote-tracking branches 'regulator/topic/88pg86x', 'regulator/topic/dt', 'regulator/topic/formatting' and 'regulator/topic/gpio' into regulator-next 2018-03-28 10:33:53 +08:00
remoteproc remoteproc: fix null pointer dereference on glink only platforms 2018-04-05 22:53:16 -07:00
reset Merge branch 'reset/lookup' into reset/next 2018-03-27 11:03:43 +02:00
rpmsg rpmsg: smd: Use announce_create to process any receive work 2018-03-27 21:54:37 -07:00
rtc RTC for 4.17 2018-04-10 10:22:27 -07:00
s390 s390: remove couple of duplicate includes 2018-04-16 09:10:24 +02:00
sbus sparc64: Properly range check DAX completion index 2018-04-01 20:07:00 -04:00
scsi SCSI fixes on 20180415 2018-04-15 17:24:12 -07:00
sfi
sh
siox
slimbus
sn
soc The large diff this time around is from the addition of a new clk driver 2018-04-13 15:51:06 -07:00
soundwire
spi spi: SPI updates for v4.17 2018-04-03 12:06:21 -07:00
spmi
ssb
staging page cache: use xa_lock 2018-04-11 10:28:39 -07:00
target for-4.17/block-20180402 2018-04-05 14:27:02 -07:00
tc
tee
thermal Merge branches 'thermal-core' and 'thermal-soc' into next 2018-04-13 14:11:53 +08:00
thunderbolt
tty Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2018-04-09 09:04:10 -07:00
uio
usb Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2018-04-07 11:11:41 -07:00
uwb
vfio VFIO updates for v4.17-rc1 2018-04-06 19:44:27 -07:00
vhost vhost: return bool from *_access_ok() functions 2018-04-11 10:54:06 -04:00
video fbdev changes for v4.17: 2018-04-10 10:20:00 -07:00
virt
virtio virtio: feature 2018-04-11 18:58:27 -07:00
visorbus
vlynq
vme
w1
watchdog linux-watchdog 4.17-rc1 merge window tag 2018-04-13 15:43:50 -07:00
xen xen: fixes and one header update for 4.17-rc2 2018-04-20 08:36:04 -07:00
zorro
Kconfig hwtracing: Add HW tracing support menu 2018-03-29 13:38:10 +03:00
Makefile