Merge tag 'block-6.3-2023-03-09' of git://git.kernel.dk/linux

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Pull block fixes from Jens Axboe:

- Fix a regression in exclusive mode handling of the partition code,
introduced in this merge windoe (Yu)

- Fix for a use-after-free in BFQ (Yu)

- Add sysfs documentation for the 'hidden' attribute (Sagi)

* tag 'block-6.3-2023-03-09' of git://git.kernel.dk/linux:
block, bfq: fix uaf for 'stable_merge_bfqq'
docs: sysfs-block: document hidden sysfs entry
block: fix wrong mode for blkdev_put() from disk_scan_partitions()

Linus Torvalds 3 years ago 40f879bd d33d4c9e

+19 -10

3 changed files

expand all

Documentation

ABI

stable

sysfs-block

block

bfq-iosched.c

genhd.c

Documentation/ABI/stable/sysfs-block

··· 705 705 zoned will report "none". 706 706 707 707 708 + What: /sys/block/<disk>/hidden 709 + Date: March 2023 710 + Contact: linux-block@vger.kernel.org 711 + Description: 712 + [RO] the block device is hidden. it doesn’t produce events, and 713 + can’t be opened from userspace or using blkdev_get*. 714 + Used for the underlying components of multipath devices. 715 + 716 + 708 717 What: /sys/block/<disk>/stat 709 718 Date: February 2008 710 719 Contact: Jerome Marchand <jmarchan@redhat.com>

+9 -9

block/bfq-iosched.c

··· 2854 2854 { 2855 2855 int proc_ref = min(bfqq_process_refs(bfqq), 2856 2856 bfqq_process_refs(stable_merge_bfqq)); 2857 - struct bfq_queue *new_bfqq; 2857 + struct bfq_queue *new_bfqq = NULL; 2858 2858 2859 - if (idling_boosts_thr_without_issues(bfqd, bfqq) || 2860 - proc_ref == 0) 2861 - return NULL; 2859 + bfqq_data->stable_merge_bfqq = NULL; 2860 + if (idling_boosts_thr_without_issues(bfqd, bfqq) || proc_ref == 0) 2861 + goto out; 2862 2862 2863 2863 /* next function will take at least one ref */ 2864 2864 new_bfqq = bfq_setup_merge(bfqq, stable_merge_bfqq); ··· 2873 2873 new_bfqq_data->stably_merged = true; 2874 2874 } 2875 2875 } 2876 + 2877 + out: 2878 + /* deschedule stable merge, because done or aborted here */ 2879 + bfq_put_stable_ref(stable_merge_bfqq); 2880 + 2876 2881 return new_bfqq; 2877 2882 } 2878 2883 ··· 2937 2932 msecs_to_jiffies(bfq_late_stable_merging))) { 2938 2933 struct bfq_queue *stable_merge_bfqq = 2939 2934 bfqq_data->stable_merge_bfqq; 2940 - 2941 - /* deschedule stable merge, because done or aborted here */ 2942 - bfq_put_stable_ref(stable_merge_bfqq); 2943 - 2944 - bfqq_data->stable_merge_bfqq = NULL; 2945 2935 2946 2936 return bfq_setup_stable_merge(bfqd, bfqq, 2947 2937 stable_merge_bfqq,

+1 -1

block/genhd.c

··· 385 385 if (IS_ERR(bdev)) 386 386 ret = PTR_ERR(bdev); 387 387 else 388 - blkdev_put(bdev, mode); 388 + blkdev_put(bdev, mode & ~FMODE_EXCL); 389 389 390 390 if (!(mode & FMODE_EXCL)) 391 391 bd_abort_claiming(disk->part0, disk_scan_partitions);