Mathieu Desnoyers (2): nvdimm/pmem: fix leak on dax_add_host() failure dax: alloc_dax() return ERR_PTR(-EOPNOTSUPP) for CONFIG_DAX=n
drivers/dax/super.c | 5 +++++ drivers/nvdimm/pmem.c | 3 +-- include/linux/dax.h | 6 +----- 3 files changed, 7 insertions(+), 7 deletions(-)
反馈: 您发送到kernel@openeuler.org的补丁/补丁集,已成功转换为PR! PR链接地址: https://gitee.com/openeuler/kernel/pulls/9933 邮件列表地址:https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/2...
FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/9933 Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/2...
From: Mathieu Desnoyers mathieu.desnoyers@efficios.com
mainline inclusion from mainline-v6.9-rc1 commit f6932a275461e339de69df01195c50951f039153 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAD301 CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
Fix a leak on dax_add_host() error, where "goto out_cleanup_dax" is done before setting pmem->dax_dev, which therefore issues the two following calls on NULL pointers:
out_cleanup_dax: kill_dax(pmem->dax_dev); put_dax(pmem->dax_dev);
Link: https://lkml.kernel.org/r/20240208184913.484340-1-mathieu.desnoyers@efficios... Link: https://lkml.kernel.org/r/20240208184913.484340-2-mathieu.desnoyers@efficios... Signed-off-by: Mathieu Desnoyers mathieu.desnoyers@efficios.com Reviewed-by: Dan Williams dan.j.williams@intel.com Reviewed-by: Fan Ni fan.ni@samsung.com Reviewed-by: Dave Jiang dave.jiang@intel.com Cc: Alasdair Kergon agk@redhat.com Cc: Mike Snitzer snitzer@kernel.org Cc: Mikulas Patocka mpatocka@redhat.com Cc: Dan Williams dan.j.williams@intel.com Cc: Matthew Wilcox willy@infradead.org Cc: Arnd Bergmann arnd@arndb.de Cc: Russell King linux@armlinux.org.uk Cc: Dave Chinner david@fromorbit.com Cc: Linus Torvalds torvalds@linux-foundation.org Signed-off-by: Andrew Morton akpm@linux-foundation.org Signed-off-by: Zhihao Cheng chengzhihao1@huawei.com --- drivers/nvdimm/pmem.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/nvdimm/pmem.c b/drivers/nvdimm/pmem.c index 4e8fdcb3f1c8..9fe358090720 100644 --- a/drivers/nvdimm/pmem.c +++ b/drivers/nvdimm/pmem.c @@ -566,12 +566,11 @@ static int pmem_attach_disk(struct device *dev, set_dax_nomc(dax_dev); if (is_nvdimm_sync(nd_region)) set_dax_synchronous(dax_dev); + pmem->dax_dev = dax_dev; rc = dax_add_host(dax_dev, disk); if (rc) goto out_cleanup_dax; dax_write_cache(dax_dev, nvdimm_has_cache(nd_region)); - pmem->dax_dev = dax_dev; - rc = device_add_disk(dev, disk, pmem_attribute_groups); if (rc) goto out_remove_host;
From: Mathieu Desnoyers mathieu.desnoyers@efficios.com
mainline inclusion from mainline-v6.9-rc1 commit 6d439c18d9b190ab1e0f1196bc45590f95752bf1 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAD301 CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
Change the return value from NULL to PTR_ERR(-EOPNOTSUPP) for CONFIG_DAX=n to be consistent with the fact that CONFIG_DAX=y never returns NULL.
This is done in preparation for using cpu_dcache_is_aliasing() in a following change which will properly support architectures which detect data cache aliasing at runtime.
Link: https://lkml.kernel.org/r/20240215144633.96437-3-mathieu.desnoyers@efficios.... Fixes: 4e4ced93794a ("dax: Move mandatory ->zero_page_range() check in alloc_dax()") Signed-off-by: Mathieu Desnoyers mathieu.desnoyers@efficios.com Reviewed-by: Dan Williams dan.j.williams@intel.com Cc: Dan Williams dan.j.williams@intel.com Cc: Vishal Verma vishal.l.verma@intel.com Cc: Dave Jiang dave.jiang@intel.com Cc: Matthew Wilcox willy@infradead.org Cc: Arnd Bergmann arnd@arndb.de Cc: Russell King linux@armlinux.org.uk Cc: Alasdair Kergon agk@redhat.com Cc: Christoph Hellwig hch@lst.de Cc: Dave Chinner david@fromorbit.com Cc: Heiko Carstens hca@linux.ibm.com Cc: kernel test robot lkp@intel.com Cc: Michael Sclafani dm-devel@lists.linux.dev Cc: Mike Snitzer snitzer@kernel.org Cc: Mikulas Patocka mpatocka@redhat.com Signed-off-by: Andrew Morton akpm@linux-foundation.org Signed-off-by: Zhihao Cheng chengzhihao1@huawei.com --- drivers/dax/super.c | 5 +++++ include/linux/dax.h | 6 +----- 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/dax/super.c b/drivers/dax/super.c index cded535b3610..2f256f28fe33 100644 --- a/drivers/dax/super.c +++ b/drivers/dax/super.c @@ -328,6 +328,11 @@ EXPORT_SYMBOL_GPL(dax_alive); * that any fault handlers or operations that might have seen * dax_alive(), have completed. Any operations that start after * synchronize_srcu() has run will abort upon seeing !dax_alive(). + * + * Note, because alloc_dax() returns an ERR_PTR() on error, callers + * typically store its result into a local variable in order to check + * the result. Therefore, care must be taken to populate the struct + * device dax_dev field make sure the dax_dev is not leaked. */ void kill_dax(struct dax_device *dax_dev) { diff --git a/include/linux/dax.h b/include/linux/dax.h index a65ecd064e93..d6f8dad7321c 100644 --- a/include/linux/dax.h +++ b/include/linux/dax.h @@ -95,11 +95,7 @@ static inline void *dax_holder(struct dax_device *dax_dev) static inline struct dax_device *alloc_dax(void *private, const struct dax_operations *ops) { - /* - * Callers should check IS_ENABLED(CONFIG_DAX) to know if this - * NULL is an error or expected. - */ - return NULL; + return ERR_PTR(-EOPNOTSUPP); } static inline void put_dax(struct dax_device *dax_dev) {
-
patchwork bot -
Zhihao Cheng