linux-stable/block
Junichi Nomura 39caa731fb blk-mq: fix use-after-free in blk_mq_free_tag_set()
commit f42d79ab67 upstream.

tags is freed in blk_mq_free_rq_map() and should not be used after that.
The problem doesn't manifest if CONFIG_CPUMASK_OFFSTACK is false because
free_cpumask_var() is nop.

tags->cpumask is allocated in blk_mq_init_tags() so it's natural to
free cpumask in its counter part, blk_mq_free_tags().

Fixes: f26cdc8536 ("blk-mq: Shared tag enhancements")
Signed-off-by: Jun'ichi Nomura <j-nomura@ce.jp.nec.com>
Cc: Keith Busch <keith.busch@intel.com>
Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-11-09 14:37:39 -08:00
..
partitions Merge branch 'for-3.20/core' of git://git.kernel.dk/linux-block 2015-02-12 14:13:23 -08:00
bio-integrity.c bio integrity: do not assume bio_integrity_pool exists if bioset exists 2015-07-07 07:46:47 -06:00
bio.c block: Do a full clone when splitting discard bios 2015-07-23 16:21:34 -06:00
blk-cgroup.c block: blkg_destroy_all() should clear q->root_blkg and ->root_rl.blkg 2015-10-22 14:49:17 -07:00
blk-core.c block: don't release bdi while request_queue has live references 2015-11-09 14:37:36 -08:00
blk-exec.c block: move PM request support to IDE 2015-05-05 13:40:42 -06:00
blk-flush.c blk-mq: fix race between timeout and freeing request 2015-09-29 19:33:15 +02:00
blk-integrity.c writeback: separate out include/linux/backing-dev-defs.h 2015-06-02 08:33:34 -06:00
blk-ioc.c block: Substitute rcu_access_pointer() for rcu_dereference_raw() 2014-02-18 12:21:26 -08:00
blk-iopoll.c Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip into next 2014-06-03 12:57:53 -07:00
blk-lib.c block: Quiesce zeroout wrapper 2015-02-05 10:14:54 -07:00
blk-map.c blk_rq_map_user(): use import_single_range() 2015-04-11 22:27:13 -04:00
blk-merge.c block: only honor SG gap prevention for merges that contain data 2015-05-29 13:10:23 -06:00
blk-mq-cpu.c blk-mq: add file comments and update copyright notices 2014-05-28 10:15:41 -06:00
blk-mq-cpumap.c sched/topology: Rename topology_thread_cpumask() to topology_sibling_cpumask() 2015-05-27 15:22:15 +02:00
blk-mq-sysfs.c blk-mq: fix buffer overflow when reading sysfs file of 'pending' 2015-09-29 19:33:15 +02:00
blk-mq-tag.c blk-mq: fix use-after-free in blk_mq_free_tag_set() 2015-11-09 14:37:39 -08:00
blk-mq-tag.h blk-mq: fix race between timeout and freeing request 2015-09-29 19:33:15 +02:00
blk-mq.c blk-mq: fix use-after-free in blk_mq_free_tag_set() 2015-11-09 14:37:39 -08:00
blk-mq.h blk-mq: release mq's kobjects in blk_release_queue() 2015-01-29 08:30:51 -08:00
blk-settings.c sd: Fix maximum I/O size for BLOCK_PC requests 2015-08-12 11:54:37 -07:00
blk-softirq.c block: fix regression with block enabled tagging 2014-04-09 21:54:06 -06:00
blk-sysfs.c block: don't release bdi while request_queue has live references 2015-11-09 14:37:36 -08:00
blk-tag.c block: support different tag allocation policy 2015-01-23 14:15:46 -07:00
blk-throttle.c blkcg: move block/blk-cgroup.h to include/linux/blk-cgroup.h 2015-06-02 08:33:33 -06:00
blk-timeout.c blk-mq: Allow requests to never expire 2015-01-08 08:59:01 -07:00
blk.h blk-mq: fix race between timeout and freeing request 2015-09-29 19:33:15 +02:00
bounce.c Merge branch 'for-4.2/writeback' of git://git.kernel.dk/linux-block 2015-06-25 16:00:17 -07:00
bsg-lib.c bsg: Remove unused function bsg_goose_queue() 2012-12-06 14:33:02 +01:00
bsg.c block: Simplify bsg complete all 2015-02-04 09:57:52 -07:00
cfq-iosched.c Merge branch 'for-4.2/writeback' of git://git.kernel.dk/linux-block 2015-06-25 16:00:17 -07:00
cmdline-parser.c block: remove unrelated header files and export symbol 2014-01-21 20:18:26 -08:00
compat_ioctl.c block, bdi: an active gendisk always has a request_queue associated with it 2014-09-08 10:00:35 -06:00
deadline-iosched.c block: Stop abusing csd.list for fifo_time 2014-02-24 14:46:32 -08:00
elevator.c Merge branch 'for-4.2/writeback' of git://git.kernel.dk/linux-block 2015-06-25 16:00:17 -07:00
genhd.c Merge branch 'for-4.2/writeback' of git://git.kernel.dk/linux-block 2015-06-25 16:00:17 -07:00
ioctl.c block: replace trylock with mutex_lock in blkdev_reread_part() 2015-05-20 09:05:45 -06:00
ioprio.c block: Fix computation of merged request priority 2014-10-31 08:30:43 -06:00
Kconfig block: Add T10 Protection Information functions 2014-09-27 09:14:59 -06:00
Kconfig.iosched blkcg: make CONFIG_BLK_CGROUP bool 2012-03-06 21:27:21 +01:00
Makefile block: Add T10 Protection Information functions 2014-09-27 09:14:59 -06:00
noop-iosched.c elevator: Fix a race in elevator switching 2013-07-03 13:25:24 +02:00
partition-generic.c block: Fix dev_t minor allocation lifetime 2014-09-03 15:01:02 -06:00
scsi_ioctl.c block: fix bogus EFAULT error from SG_IO ioctl 2015-06-27 11:43:34 -06:00
t10-pi.c block: Add T10 Protection Information functions 2014-09-27 09:14:59 -06:00