iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b15bd8cb37
linux/drivers/block
History
Munehisa Kamata b15bd8cb37 xen-blkfront: use a right index when checking requests 
Since commit d05d7f4079 ("Merge branch 'for-4.8/core' of
git://git.kernel.dk/linux-block") and 3fc9d69093 ("Merge branch
'for-4.8/drivers' of git://git.kernel.dk/linux-block"), blkfront_resume()
has been using an index for iterating ring_info to check request when
iterating blk_shadow in an inner loop. This seems to have been
accidentally introduced during the massive rewrite of the block layer
macros in the commits.

This may cause crash like this:

[11798.057074] BUG: unable to handle kernel NULL pointer dereference at 0000000000000048
[11798.058832] IP: [<ffffffff814411fa>] blkfront_resume+0x10a/0x610
....
[11798.061063] Call Trace:
[11798.061063]  [<ffffffff8139ce93>] xenbus_dev_resume+0x53/0x140
[11798.061063]  [<ffffffff8139ce40>] ? xenbus_dev_probe+0x150/0x150
[11798.061063]  [<ffffffff813f359e>] dpm_run_callback+0x3e/0x110
[11798.061063]  [<ffffffff813f3a08>] device_resume+0x88/0x190
[11798.061063]  [<ffffffff813f4cc0>] dpm_resume+0x100/0x2d0
[11798.061063]  [<ffffffff813f5221>] dpm_resume_end+0x11/0x20
[11798.061063]  [<ffffffff813950a8>] do_suspend+0xe8/0x1a0
[11798.061063]  [<ffffffff813954bd>] shutdown_handler+0xfd/0x130
[11798.061063]  [<ffffffff8139aba0>] ? split+0x110/0x110
[11798.061063]  [<ffffffff8139ac26>] xenwatch_thread+0x86/0x120
[11798.061063]  [<ffffffff810b4570>] ? prepare_to_wait_event+0x110/0x110
[11798.061063]  [<ffffffff8108fe57>] kthread+0xd7/0xf0
[11798.061063]  [<ffffffff811da811>] ? kfree+0x121/0x170
[11798.061063]  [<ffffffff8108fd80>] ? kthread_park+0x60/0x60
[11798.061063]  [<ffffffff810863b0>] ?  call_usermodehelper_exec_work+0xb0/0xb0
[11798.061063]  [<ffffffff810864ea>] ?  call_usermodehelper_exec_async+0x13a/0x140
[11798.061063]  [<ffffffff81534a45>] ret_from_fork+0x25/0x30

Use the right index in the inner loop.

Fixes: d05d7f4079 ("Merge branch 'for-4.8/core' of git://git.kernel.dk/linux-block")
Fixes: 3fc9d69093 ("Merge branch 'for-4.8/drivers' of git://git.kernel.dk/linux-block")
Signed-off-by: Munehisa Kamata <kamatam@amazon.com>
Reviewed-by: Thomas Friebel <friebelt@amazon.de>
Reviewed-by: Eduardo Valentin <eduval@amazon.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Roger Pau Monne <roger.pau@citrix.com>
Cc: xen-devel@lists.xenproject.org
Cc: stable@vger.kernel.org
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2017-08-15 10:34:04 -04:00
..
aoe block: don't set bounce limit in blk_init_queue 2017-06-27 12:13:45 -06:00
drbd Merge branch 'work.misc-set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-07-05 13:13:32 -07:00
mtip32xx Merge branch 'nvme-4.13' of git://git.infradead.org/nvme into for-linus 2017-07-10 11:44:34 -06:00
paride block: don't set bounce limit in blk_init_queue 2017-06-27 12:13:45 -06:00
rsxx block: don't bother with bounce limits for make_request drivers 2017-06-27 12:13:45 -06:00
xen-blkback Merge commit '8e8320c9315c' into for-4.13/block 2017-06-22 21:55:24 -06:00
zram zram: constify attribute_group structures. 2017-07-10 16:32:33 -07:00
amiflop.c block: introduce new block status code type 2017-06-09 09:27:32 -06:00
ataflop.c block: introduce new block status code type 2017-06-09 09:27:32 -06:00
brd.c ARM: fix rd_size declaration 2017-07-10 16:32:34 -07:00
cciss_cmd.h
cciss_scsi.c cciss: Remove kmalloc cast 2017-02-22 11:54:49 -07:00
cciss_scsi.h
cciss.c cciss: initialize struct scsi_req 2017-07-06 12:23:51 -06:00
cciss.h SCSI misc on 20170220 2017-02-21 11:51:42 -08:00
cryptoloop.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
DAC960.c block: introduce new block status code type 2017-06-09 09:27:32 -06:00
DAC960.h
floppy.c Merge branch 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-07-06 20:57:13 -07:00
Kconfig libnvdimm for 4.12 2017-05-05 18:49:20 -07:00
loop.c Merge branch 'work.read_write' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-07-05 14:35:57 -07:00
loop.h loop: support 4k physical blocksize 2017-06-08 08:40:00 -06:00
Makefile block: remove the osdblk driver 2017-04-19 09:10:51 -06:00
nbd.c nbd: only set sndtimeo if we have a timeout set 2017-07-22 11:12:32 -06:00
null_blk.c null_blk: fix error flow for shared tags during module_init 2017-07-06 09:52:09 -06:00
pktcdvd.c driver core patches for 4.13-rc1 2017-07-03 20:27:48 -07:00
ps3disk.c block: introduce new block status code type 2017-06-09 09:27:32 -06:00
ps3vram.c blk: remove bio_set arg from blk_queue_split() 2017-06-18 12:40:59 -06:00
rbd_types.h rbd: RBD_V{1,2}_DATA_FORMAT macros 2017-02-20 12:16:15 +01:00
rbd.c rbd: use bio_clone_fast() instead of bio_clone() 2017-06-18 12:40:59 -06:00
skd_main.c block: don't set bounce limit in blk_init_queue 2017-06-27 12:13:45 -06:00
skd_s1120.h skd: fix formatting in skd_s1120.h 2013-11-08 09:10:30 -07:00
smart1,2.h
sunvdc.c block: introduce new block status code type 2017-06-09 09:27:32 -06:00
swim3.c block: don't set bounce limit in blk_init_queue 2017-06-27 12:13:45 -06:00
swim_asm.S
swim.c block: don't set bounce limit in blk_init_queue 2017-06-27 12:13:45 -06:00
sx8.c block: introduce new block status code type 2017-06-09 09:27:32 -06:00
umem.c blk: remove bio_set arg from blk_queue_split() 2017-06-18 12:40:59 -06:00
umem.h
virtio_blk.c virtio_blk: quiesce/unquiesce live IO when entering PM states 2017-07-06 09:49:34 +03:00
xen-blkfront.c xen-blkfront: use a right index when checking requests 2017-08-15 10:34:04 -04:00
xsysace.c block: don't set bounce limit in blk_init_queue 2017-06-27 12:13:45 -06:00
z2ram.c block: introduce new block status code type 2017-06-09 09:27:32 -06:00