From d8230a09d278c09499549e79996d2437419b9c69 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sat, 16 May 2020 15:26:09 +0200 Subject: [PATCH] Drop "blktrace: fix dereference after null check" --- debian/changelog | 1 - ...ace-fix-dereference-after-null-check.patch | 66 ------------------- debian/patches/series | 1 - 3 files changed, 68 deletions(-) delete mode 100644 debian/patches/bugfix/all/blktrace-fix-dereference-after-null-check.patch diff --git a/debian/changelog b/debian/changelog index 3bd1856f3..4a21ee77f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -38,7 +38,6 @@ linux (4.19.119-1) UNRELEASED; urgency=medium - virtio-blk: improve virtqueue error to BLK_STS - scsi: smartpqi: fix call trace in device discovery - PCI/ASPM: Allow re-enabling Clock PM - - blktrace: fix dereference after null check - KVM: VMX: Zero out *all* general purpose registers after VM-Exit - KVM: nVMX: Always sync GUEST_BNDCFGS when it comes from vmcs01 - KVM: Introduce a new guest mapping API diff --git a/debian/patches/bugfix/all/blktrace-fix-dereference-after-null-check.patch b/debian/patches/bugfix/all/blktrace-fix-dereference-after-null-check.patch deleted file mode 100644 index 8c10a8166..000000000 --- a/debian/patches/bugfix/all/blktrace-fix-dereference-after-null-check.patch +++ /dev/null 
@@ -1,66 +0,0 @@ -From: Cengiz Can -Date: Wed, 4 Mar 2020 13:58:19 +0300 -Subject: blktrace: fix dereference after null check -Origin: https://git.kernel.org/linus/153031a301bb07194e9c37466cfce8eacb977621 - -There was a recent change in blktrace.c that added a RCU protection to -`q->blk_trace` in order to fix a use-after-free issue during access. - -However the change missed an edge case that can lead to dereferencing of -`bt` pointer even when it's NULL: - -Coverity static analyzer marked this as a FORWARD_NULL issue with CID -1460458. - -``` -/kernel/trace/blktrace.c: 1904 in sysfs_blk_trace_attr_store() -1898 ret = 0; -1899 if (bt == NULL) -1900 ret = blk_trace_setup_queue(q, bdev); -1901 -1902 if (ret == 0) { -1903 if (attr == &dev_attr_act_mask) ->>> CID 1460458: Null pointer dereferences (FORWARD_NULL) ->>> Dereferencing null pointer "bt". -1904 bt->act_mask = value; -1905 else if (attr == &dev_attr_pid) -1906 bt->pid = value; -1907 else if (attr == &dev_attr_start_lba) -1908 bt->start_lba = value; -1909 else if (attr == &dev_attr_end_lba) -``` - -Added a reassignment with RCU annotation to fix the issue. - -Fixes: c780e86dd48 ("blktrace: Protect q->blk_trace with RCU") -Reviewed-by: Ming Lei -Reviewed-by: Bob Liu -Reviewed-by: Steven Rostedt (VMware) -Signed-off-by: Cengiz Can -Signed-off-by: Jens Axboe -Signed-off-by: Ben Hutchings -Signed-off-by: Sasha Levin ---- - kernel/trace/blktrace.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c -index 99f6cdbf2f540..6cea8bbca03cb 100644 ---- a/kernel/trace/blktrace.c -+++ b/kernel/trace/blktrace.c -@@ -1893,8 +1893,11 @@ static ssize_t sysfs_blk_trace_attr_store(struct device *dev, - } - - ret = 0; -- if (bt == NULL) -+ if (bt == NULL) { - ret = blk_trace_setup_queue(q, bdev); -+ bt = rcu_dereference_protected(q->blk_trace, -+ lockdep_is_held(&q->blk_trace_mutex)); -+ } - - if (ret == 0) { - if (attr == &dev_attr_act_mask) --- -2.20.1 - 
diff --git a/debian/patches/series b/debian/patches/series index d0ffcef1d..f34876e5a 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -298,7 +298,6 @@ features/arm/staging-vc04_services-Use-correct-cache-line-size.patch # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch debian/ntfs-mark-it-as-broken.patch -bugfix/all/blktrace-fix-dereference-after-null-check.patch bugfix/s390x/s390-mm-fix-page-table-upgrade-vs-2ndary-address-mod.patch bugfix/all/selinux-properly-handle-multiple-messages-in-selinux.patch bugfix/all/fs-namespace.c-fix-mountpoint-reference-counter-race.patch
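Review bot: The debian/changelog hunk deletes the "- blktrace: fix dereference after null check" line under linux (4.19.119-1) without adding any entry that records why, and the commit message is a subject line with no body. Please state the reason in the commit message. If the fix is now provided by the upstream source, name the version that carries 153031a301bb07194e9c37466cfce8eacb977621, so someone auditing the package for this NULL dereference can tell where the fix went.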
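Review bot: The debian/patches/series hunk removes bugfix/all/blktrace-fix-dereference-after-null-check.patch from the block that follows the "# Security fixes" comment, and nothing in this commit shows the fix being present elsewhere. The deleted patch is what reassigns bt after blk_trace_setup_queue() in sysfs_blk_trace_attr_store(), and it fixes c780e86dd48 ("blktrace: Protect q->blk_trace with RCU"). Before merging, check that kernel/trace/blktrace.c in the resulting tree still contains "bt = rcu_dereference_protected(q->blk_trace," inside the "if (bt == NULL) {" branch whenever the RCU change is present. Otherwise the stores to bt->act_mask, bt->pid and bt->start_lba flagged as CID 1460458 can again run with bt set to NULL.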