linux/drivers/md
Hou Tao b6e58b5466 dm btree remove: assign new_root only when removal succeeds
remove_raw() in dm_btree_remove() may fail due to IO read error
(e.g. read the content of origin block fails during shadowing),
and the value of shadow_spine::root is uninitialized, but
the uninitialized value is still assign to new_root in the
end of dm_btree_remove().

For dm-thin, the value of pmd->details_root or pmd->root will become
an uninitialized value, so if trying to read details_info tree again
out-of-bound memory may occur as showed below:

  general protection fault, probably for non-canonical address 0x3fdcb14c8d7520
  CPU: 4 PID: 515 Comm: dmsetup Not tainted 5.13.0-rc6
  Hardware name: QEMU Standard PC
  RIP: 0010:metadata_ll_load_ie+0x14/0x30
  Call Trace:
   sm_metadata_count_is_more_than_one+0xb9/0xe0
   dm_tm_shadow_block+0x52/0x1c0
   shadow_step+0x59/0xf0
   remove_raw+0xb2/0x170
   dm_btree_remove+0xf4/0x1c0
   dm_pool_delete_thin_device+0xc3/0x140
   pool_message+0x218/0x2b0
   target_message+0x251/0x290
   ctl_ioctl+0x1c4/0x4d0
   dm_ctl_ioctl+0xe/0x20
   __x64_sys_ioctl+0x7b/0xb0
   do_syscall_64+0x40/0xb0
   entry_SYSCALL_64_after_hwframe+0x44/0xae

Fixing it by only assign new_root when removal succeeds

Signed-off-by: Hou Tao <houtao1@huawei.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2021-06-25 15:25:24 -04:00
..
bcache include: remove pagemap.h from blkdev.h 2021-05-06 19:24:11 -07:00
persistent-data dm btree remove: assign new_root only when removal succeeds 2021-06-25 15:25:24 -04:00
dm-bio-prison-v1.c dm bio prison: replace spin_lock_irqsave with spin_lock_irq 2019-11-05 14:53:03 -05:00
dm-bio-prison-v1.h
dm-bio-prison-v2.c dm bio prison v2: use true/false for bool variable 2020-01-07 12:07:08 -05:00
dm-bio-prison-v2.h
dm-bio-record.h block: store a block_device pointer in struct bio 2021-01-24 18:17:20 -07:00
dm-bufio.c dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size 2021-03-04 14:53:54 -05:00
dm-builtin.c
dm-cache-background-tracker.c dm cache background tracker: fix sparse warning 2018-04-30 15:40:40 -04:00
dm-cache-background-tracker.h
dm-cache-block-types.h
dm-cache-metadata.c dm: use bdev_read_only to check if a device is read-only 2021-01-24 18:15:57 -07:00
dm-cache-metadata.h
dm-cache-policy-internal.h
dm-cache-policy-smq.c dm: remove unnecessary unlikely() around WARN_ON_ONCE() 2018-10-16 14:34:59 -04:00
dm-cache-policy.c
dm-cache-policy.h
dm-cache-target.c dm cache: remove needless request_queue NULL pointer checks 2021-03-26 14:53:42 -04:00
dm-clone-metadata.c dm clone metadata: remove unused function 2021-04-19 13:20:31 -04:00
dm-clone-metadata.h dm clone metadata: Fix return type of dm_clone_nr_of_hydrated_regions() 2020-03-27 14:42:51 -04:00
dm-clone-target.c dm-clone: use blkdev_issue_flush in commit_metadata 2021-01-27 09:51:48 -07:00
dm-core.h dm: introduce zone append emulation 2021-06-04 12:07:37 -04:00
dm-crypt.c dm crypt: Fix zoned block device support 2021-06-04 12:07:38 -04:00
dm-delay.c block: rename generic_make_request to submit_bio_noacct 2020-07-01 07:27:24 -06:00
dm-dust.c dm dust: remove h from printk format specifier 2021-02-03 10:10:04 -05:00
dm-ebs-target.c dm ebs: fix a few typos 2021-03-26 14:53:42 -04:00
dm-era-target.c dm space maps: improve performance with inc/dec on ranges of blocks 2021-06-04 12:07:22 -04:00
dm-exception-store.c
dm-exception-store.h - Improve DM snapshot target's scalability by using finer grained 2019-05-16 15:55:48 -07:00
dm-flakey.c dm: Introduce dm_report_zones() 2021-06-04 12:07:32 -04:00
dm-init.c dm init: Set file local variable static 2020-08-04 15:51:28 -04:00
dm-integrity.c dm integrity: fix sparse warnings 2021-05-13 14:53:49 -04:00
dm-io.c block: Add bio_max_segs 2021-02-26 15:49:51 -07:00
dm-ioctl.c dm ioctl: filter the returned values according to name or uuid prefix 2021-03-26 14:53:41 -04:00
dm-kcopyd.c dm writecache: have ssd writeback wait if the kcopyd workqueue is busy 2021-06-15 15:42:03 -04:00
dm-linear.c dm: Introduce dm_report_zones() 2021-06-04 12:07:32 -04:00
dm-log-userspace-base.c dm: convert to bioset_init()/mempool_init() 2018-05-30 15:33:32 -06:00
dm-log-userspace-transfer.c
dm-log-userspace-transfer.h
dm-log-writes.c block: Add bio_max_segs 2021-02-26 15:49:51 -07:00
dm-log.c
dm-mpath.c dm: use dm_table_get_device_name() where appropriate in targets 2020-09-29 16:33:08 -04:00
dm-mpath.h
dm-path-selector.c
dm-path-selector.h dm mpath: pass IO start time to path selector 2020-05-15 10:29:36 -04:00
dm-ps-historical-service-time.c dm: rename multipath path selector source files to have "dm-ps" prefix 2020-12-04 18:04:35 -05:00
dm-ps-io-affinity.c dm ps io affinity: remove redundant continue statement 2021-06-25 15:25:22 -04:00
dm-ps-queue-length.c dm: rename multipath path selector source files to have "dm-ps" prefix 2020-12-04 18:04:35 -05:00
dm-ps-round-robin.c dm: rename multipath path selector source files to have "dm-ps" prefix 2020-12-04 18:04:35 -05:00
dm-ps-service-time.c dm: rename multipath path selector source files to have "dm-ps" prefix 2020-12-04 18:04:35 -05:00
dm-raid1.c dm kcopyd: avoid useless atomic operations 2021-06-04 12:07:24 -04:00
dm-raid.c dm raid: remove unnecessary discard limits for raid0 and raid10 2021-04-30 14:38:37 -04:00
dm-region-hash.c - Error path bug fix for overflow tests (Dan) 2018-06-12 18:28:00 -07:00
dm-rq.c dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails 2021-04-30 14:19:08 -04:00
dm-rq.h dm: remove unused _rq_tio_cache and _rq_cache 2019-03-05 14:48:50 -05:00
dm-snap-persistent.c dm: replace dm_vcalloc() 2021-04-19 13:13:26 -04:00
dm-snap-transient.c
dm-snap.c dm snapshot: properly fix a crash when an origin has no snapshots 2021-05-25 16:19:58 -04:00
dm-stats.c dm: replace zero-length array with flexible-array 2020-05-20 17:09:44 -04:00
dm-stats.h
dm-stripe.c dm: add support for REQ_NOWAIT to various targets 2020-12-04 18:04:35 -05:00
dm-switch.c dm: add support for REQ_NOWAIT to various targets 2020-12-04 18:04:35 -05:00
dm-sysfs.c dm: remove legacy request-based IO path 2018-10-11 11:36:09 -04:00
dm-table.c dm: introduce zone append emulation 2021-06-04 12:07:37 -04:00
dm-target.c dm mpath: fix missing call of path selector type->end_io 2019-04-25 15:38:52 -04:00
dm-thin-metadata.c dm space maps: improve performance with inc/dec on ranges of blocks 2021-06-04 12:07:22 -04:00
dm-thin-metadata.h dm thin metadata: Add support for a pre-commit callback 2019-12-05 17:05:24 -05:00
dm-thin.c dm thin: remove needless request_queue NULL pointer check 2021-03-26 14:53:42 -04:00
dm-uevent.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
dm-uevent.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
dm-unstripe.c dm: add support for REQ_NOWAIT to various targets 2020-12-04 18:04:35 -05:00
dm-verity-fec.c dm verity fec: fix misaligned RS roots IO 2021-04-14 14:28:29 -04:00
dm-verity-fec.h dm verity fec: fix misaligned RS roots IO 2021-04-14 14:28:29 -04:00
dm-verity-target.c dm verity: allow only one error handling mode 2021-03-26 14:53:41 -04:00
dm-verity-verify-sig.c dm verity: fix require_signatures module_param permissions 2021-05-25 16:14:05 -04:00
dm-verity-verify-sig.h dm verity: Fix compilation warning 2020-08-04 15:48:13 -04:00
dm-verity.h dm verity: add "panic_on_corruption" error handling mode 2020-07-13 11:47:33 -04:00
dm-writecache.c dm writecache: add optional "metadata_only" parameter 2021-06-25 15:25:21 -04:00
dm-zero.c dm: add support for REQ_NOWAIT to various targets 2020-12-04 18:04:35 -05:00
dm-zone.c dm zone: fix dm_revalidate_zones() memory allocation 2021-06-25 15:25:23 -04:00
dm-zoned-metadata.c dm zoned: check zone capacity 2021-06-04 12:07:28 -04:00
dm-zoned-reclaim.c dm kcopyd: avoid useless atomic operations 2021-06-04 12:07:24 -04:00
dm-zoned-target.c dm table: Fix zoned model check and zone sectors check 2021-03-22 12:32:31 -04:00
dm-zoned.h dm zoned: select reclaim zone based on device index 2020-06-05 14:59:53 -04:00
dm.c dm: introduce zone append emulation 2021-06-04 12:07:37 -04:00
dm.h dm: introduce zone append emulation 2021-06-04 12:07:37 -04:00
Kconfig dm crypt: support using trusted keys 2021-02-03 10:13:00 -05:00
Makefile dm: move zone related code to dm-zone.c 2021-06-04 12:07:31 -04:00
md-autodetect.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
md-bitmap.c md/bitmap: wait for external bitmap writes to complete during tear down 2021-04-15 11:06:32 -07:00
md-bitmap.h md: Avoid namespace collision with bitmap API 2018-08-01 15:49:39 -07:00
md-cluster.c for-5.11/drivers-2020-12-14 2020-12-16 13:09:32 -08:00
md-cluster.h md-cluster: introduce resync_info_get interface for sanity check 2018-10-18 09:36:35 -07:00
md-faulty.c block: rename generic_make_request to submit_bio_noacct 2020-07-01 07:27:24 -06:00
md-linear.c block: store a block_device pointer in struct bio 2021-01-24 18:17:20 -07:00
md-linear.h md/raid1: Replace zero-length array with flexible-array 2020-05-13 12:02:23 -07:00
md-multipath.c writeback: remove bdi->congested_fn 2020-07-08 17:20:46 -06:00
md-multipath.h md: convert to bioset_init()/mempool_init() 2018-05-30 15:33:32 -06:00
md.c md-cluster: fix use-after-free issue when removing rdev 2021-04-23 09:39:04 -07:00
md.h md: add md_submit_discard_bio() for submitting discard bio 2021-03-24 16:29:06 -07:00
raid0.c md: add md_submit_discard_bio() for submitting discard bio 2021-03-24 16:29:06 -07:00
raid0.h md/raid0: avoid RAID0 data corruption due to layout confusion. 2019-09-13 13:10:05 -07:00
raid1-10.c md: raid1-10: Unify r{1,10}bio_pool_free 2019-06-15 01:37:35 -06:00
raid1.c md/raid1: properly indicate failure when ending a failed write request 2021-04-23 09:40:17 -07:00
raid1.h md/raid1: Replace zero-length array with flexible-array 2020-05-13 12:02:23 -07:00
raid5-cache.c block: rename BIO_MAX_PAGES to BIO_MAX_VECS 2021-03-11 07:47:48 -07:00
raid5-log.h raid5: set write hint for PPL 2019-03-12 10:15:18 -07:00
raid5-ppl.c block: rename BIO_MAX_PAGES to BIO_MAX_VECS 2021-03-11 07:47:48 -07:00
raid5.c treewide: Change list_sort to use const pointers 2021-04-08 16:04:22 -07:00
raid5.h md/raid5: let multiple devices of stripe_head share page 2020-09-24 16:44:44 -07:00
raid10.c md/raid10: improve discard request for far layout 2021-03-24 16:29:07 -07:00
raid10.h md/raid10: improve discard request for far layout 2021-03-24 16:29:07 -07:00