shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-04-01 10:42:58 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
dc26ca54ba8716ae2fdca4e7c51499ae3ceaeb39
linux/drivers/md
History
Xiaomeng Tong 44857c3d30 md: fix an incorrect NULL check in md_reload_sb 
commit 64c54d9244 upstream.

The bug is here:
	if (!rdev || rdev->desc_nr != nr) {

The list iterator value 'rdev' will *always* be set and non-NULL
by rdev_for_each_rcu(), so it is incorrect to assume that the
iterator value will be NULL if the list is empty or no element
found (In fact, it will be a bogus pointer to an invalid struct
object containing the HEAD). Otherwise it will bypass the check
and lead to invalid memory access passing the check.

To fix the bug, use a new variable 'iter' as the list iterator,
while using the original variable 'pdev' as a dedicated pointer to
point to the found element.

Cc: stable@vger.kernel.org
Fixes: 70bcecdb15 ("md-cluster: Improve md_reload_sb to be less error prone")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-06-29 09:26:21 +09:00
..
bcache
bcache: fix a lost wake-up problem caused by mca_cannibalize_lock
2023-05-16 09:15:02 +09:00
persistent-data
dm space map common: add bounds check to sm_ll_lookup_bitmap()
2023-05-16 12:32:42 +09:00
bitmap.c
md/bitmap: md_bitmap_get_counter returns wrong blocks
2023-05-16 09:44:51 +09:00
bitmap.h
md-cluster: sync bitmap when node received RESYNCING msg
2016-05-04 12:39:35 -07:00
dm-android-verity.c
md: High security vulnerability in dm-anroid-verity [1/1]
2020-12-17 17:19:05 +09:00
dm-android-verity.h
ANDROID: dm: rebase for 4.9
2017-01-31 10:45:54 -08:00
dm-bio-prison.c
dm: Use kzalloc for all structs with embedded biosets/mempools
2023-05-15 14:54:47 +09:00
dm-bio-prison.h
dm bio prison: add dm_cell_promote_or_release()
2015-05-29 14:19:06 -04:00
dm-bio-record.h
dm: Refactor for new bio cloning/splitting
2013-11-23 22:33:55 -08:00
dm-bufio.c
Revert "dm bufio: fix deadlock with loop device"
2023-05-15 14:21:02 +09:00
dm-bufio.h
dm snapshot: use dm-bufio prefetch
2014-01-14 23:23:03 -05:00
dm-builtin.c
dm: move request-based code out to dm-rq.[hc]
2016-06-10 15:15:44 -04:00
dm-cache-block-types.h
dm cache: revert "remove remainder of distinct discard block size"
2014-11-10 15:25:30 -05:00
dm-cache-metadata.c
dm cache metadata: Avoid returning cmd->bm wild pointer on error
2023-05-16 09:05:00 +09:00
dm-cache-metadata.h
dm cache: make sure every metadata function checks fail_io
2016-03-10 17:12:12 -05:00
dm-cache-policy-cleaner.c
dm cache: speed up writing of the hint array
2016-09-22 11:15:02 -04:00
dm-cache-policy-internal.h
dm cache: speed up writing of the hint array
2016-09-22 11:15:02 -04:00
dm-cache-policy-smq.c
dm cache policy smq: distribute entries to random levels when switching to smq
2016-09-22 11:15:03 -04:00
dm-cache-policy.c
dm cache: add policy name to status output
2014-01-16 13:44:11 -05:00
dm-cache-policy.h
dm cache: speed up writing of the hint array
2016-09-22 11:15:02 -04:00
dm-cache-target.c
dm cache: fix a crash due to incorrect work item cancelling
2023-05-15 17:03:20 +09:00
dm-core.h
dm: allocate struct mapped_device with kvzalloc
2017-11-30 08:39:02 +00:00
dm-crypt.c
dm crypt: make printing of the key constant-time
2023-06-29 09:26:17 +09:00
dm-delay.c
dm delay: fix a crash when invalid device is specified
2023-05-15 12:53:20 +09:00
dm-era-target.c
dm era: Update in-core bitset after committing the metadata
2023-05-16 10:39:15 +09:00
dm-exception-store.c
Merge tag 'dm-4.4-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
2015-11-04 21:19:53 -08:00
dm-exception-store.h
dm snapshot: fix hung bios when copy error occurs
2016-01-08 20:03:05 -05:00
dm-flakey.c
dm flakey: check for null arg_name in parse_features()
2023-05-15 17:15:29 +09:00
dm-io.c
dm: Use kzalloc for all structs with embedded biosets/mempools
2023-05-15 14:54:47 +09:00
dm-ioctl.c
dm ioctl: prevent potential spectre v1 gadget
2023-06-29 09:26:07 +09:00
dm-kcopyd.c
dm: Use kzalloc for all structs with embedded biosets/mempools
2023-05-15 14:54:47 +09:00
dm-linear.c
ANDROID: dm: rebase for 4.9
2017-01-31 10:45:54 -08:00
dm-log-userspace-base.c
dm: drop NULL test before kmem_cache_destroy() and mempool_destroy()
2015-10-31 19:06:00 -04:00
dm-log-userspace-transfer.c
dm log userspace transfer: match wait_for_completion_timeout return type
2015-04-15 12:10:20 -04:00
dm-log-userspace-transfer.h
dm-log-writes.c
Merge branch 'for-4.9/block' of git://git.kernel.dk/linux-block
2016-10-07 14:42:05 -07:00
dm-log.c
dm log: fix unitialized bio operation flags
2016-08-24 21:55:05 -04:00
dm-mpath.c
dm mpath: cleanup -Wbool-operation warning in choose_pgpath()
2017-07-27 15:07:55 -07:00
dm-mpath.h
dm-path-selector.c
md: Add module.h to all files using it implicitly
2011-10-31 19:31:18 -04:00
dm-path-selector.h
dm path selector: remove 'repeat_count' return from .select_path hook
2016-02-22 22:34:42 -05:00
dm-queue-length.c
dm path selector: remove 'repeat_count' return from .select_path hook
2016-02-22 22:34:42 -05:00
dm-raid1.c
dm mirror: use all available legs on multiple failures
2016-10-14 11:55:17 -04:00
dm-raid.c
dm raid: fix rebuild of specific devices by updating superblock
2023-05-15 08:34:02 +09:00
dm-region-hash.c
dm: Use kzalloc for all structs with embedded biosets/mempools
2023-05-15 14:54:47 +09:00
dm-round-robin.c
dm round robin: revert "use percpu 'repeat_count' and 'current_path'"
2017-03-12 06:41:44 +01:00
dm-rq.c
dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails
2023-05-16 10:54:53 +09:00
dm-rq.h
dm rq: introduce dm_mq_kick_requeue_list()
2016-09-15 11:16:05 -04:00
dm-service-time.c
dm path selector: remove 'repeat_count' return from .select_path hook
2016-02-22 22:34:42 -05:00
dm-snap-persistent.c
block: fix an integer overflow in logical block size
2023-05-15 16:34:53 +09:00
dm-snap-transient.c
dm snapshot: fix hung bios when copy error occurs
2016-01-08 20:03:05 -05:00
dm-snap.c
dm snapshot: properly fix a crash when an origin has no snapshots
2023-05-16 11:09:57 +09:00
dm-stats.c
dm stats: add cond_resched when looping over entries
2023-06-29 09:26:17 +09:00
dm-stats.h
dm stats: support precise timestamps
2015-06-17 12:40:40 -04:00
dm-stripe.c
block: rename bio bi_rw to bi_opf
2016-08-07 14:41:02 -06:00
dm-switch.c
dm switch: simplify conditional in alloc_region_table()
2015-10-31 19:06:06 -04:00
dm-sysfs.c
dm: move request-based code out to dm-rq.[hc]
2016-06-10 15:15:44 -04:00
dm-table.c
dm table: fix DAX iterate_devices based device capability checks
2023-05-16 10:46:04 +09:00
dm-target.c
Merge tag 'libnvdimm-for-4.8' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
2016-07-28 17:38:16 -07:00
dm-thin-metadata.c
dm thin metadata: Avoid returning cmd->bm wild pointer on error
2023-05-16 09:05:01 +09:00
dm-thin-metadata.h
dm thin: fix passdown_double_checking_shared_status()
2023-05-15 11:10:19 +09:00
dm-thin.c
dm: Use kzalloc for all structs with embedded biosets/mempools
2023-05-15 14:54:47 +09:00
dm-uevent.c
md: Add in export.h for files using EXPORT_SYMBOL
2011-10-31 19:31:19 -04:00
dm-uevent.h
dm-verity-avb.c
ANDROID: AVB2: Enable avb2 driver [3/6]
2018-07-09 11:31:20 +08:00
dm-verity-fec.c
dm verity fec: fix hash block number in verity_fec_decode
2023-05-15 17:24:43 +09:00
dm-verity-fec.h
dm verity fec: limit error correction recursion
2017-04-12 12:41:12 +02:00
dm-verity-target.c
dm verity: set DM_TARGET_IMMUTABLE feature flag
2023-06-29 09:26:17 +09:00
dm-verity.h
ANDROID: AVB2: Enable avb2 driver [3/6]
2018-07-09 11:31:20 +08:00
dm-zero.c
block: rename bio bi_rw to bi_opf
2016-08-07 14:41:02 -06:00
dm.c
dm: interlock pending dm_io and dm_wait_for_bios_completion
2023-06-29 09:26:14 +09:00
dm.h
ANDROID: Update init/do_mounts_dm.c to the latest ChromiumOS version.
2017-06-05 11:26:17 -04:00
faulty.c
MD: rename some functions
2016-01-20 13:52:20 -08:00
Kconfig
md: High security vulnerability in dm-anroid-verity [1/1]
2020-12-17 17:19:05 +09:00
linear.c
md/linear: shutup lockdep warnning
2017-10-21 17:21:35 +02:00
linear.h
md linear: fix a race between linear_add() and linear_congested()
2017-03-12 06:41:52 +01:00
Makefile
ANDROID: AVB2: Enable avb2 driver [3/6]
2018-07-09 11:31:20 +08:00
md-cluster.c
md-cluster: fix wild pointer of unlock_all_bitmaps()
2023-05-16 08:45:55 +09:00
md-cluster.h
md-cluster: gather resync infos and enable recv_thread after bitmap is ready
2016-05-09 09:24:03 -07:00
md.c
md: fix an incorrect NULL check in md_reload_sb
2023-06-29 09:26:21 +09:00
md.h
md: changes for MD_STILL_CLOSED flag
2016-09-21 09:09:44 -07:00
multipath.c
block: rename bio bi_rw to bi_opf
2016-08-07 14:41:02 -06:00
multipath.h
md/multipath: typedef removal: multipath_conf_t -> struct mpconf
2011-10-11 16:48:57 +11:00
raid0.c
block: fix an integer overflow in logical block size
2023-05-15 16:34:53 +09:00
raid0.h
block: kill merge_bvec_fn() completely
2015-08-13 12:31:57 -06:00
raid1.c
md: raid1: check rdev before reference in raid1_sync_request func
2023-05-15 16:30:05 +09:00
raid1.h
md-cluster: Use a small window for resync
2015-10-12 01:32:05 -05:00
raid5-cache.c
raid5-cache: correct condition for empty metadata write
2016-10-28 22:04:03 -07:00
raid5.c
md/raid5: fix oops during stripe resizing
2023-05-16 09:45:03 +09:00
raid5.h
md/raid5: Convert to hotplug state machine
2016-09-06 18:30:23 +02:00
raid10.c
md: Fix failed allocation of md_register_thread
2023-05-15 12:06:40 +09:00
raid10.h
raid10: improve random reads performance
2016-07-19 15:20:28 -07:00