From: Greg Kroah-Hartman Date: Thu, 13 Feb 2020 15:01:40 +0000 (-0800) Subject: 4.4-stable patches X-Git-Tag: v4.4.214~15 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0fc99c12d9fb3c4657874f177edab5c2d58b2752;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: dm-fix-potential-for-q-make_request_fn-null-pointer.patch --- diff --git a/queue-4.4/dm-fix-potential-for-q-make_request_fn-null-pointer.patch b/queue-4.4/dm-fix-potential-for-q-make_request_fn-null-pointer.patch new file mode 100644 index 00000000000..da87d39f570 --- /dev/null +++ b/queue-4.4/dm-fix-potential-for-q-make_request_fn-null-pointer.patch @@ -0,0 +1,74 @@ +From 47ace7e012b9f7ad71d43ac9063d335ea3d6820b Mon Sep 17 00:00:00 2001 +From: Mike Snitzer +Date: Mon, 27 Jan 2020 14:07:23 -0500 +Subject: dm: fix potential for q->make_request_fn NULL pointer + +From: Mike Snitzer + +commit 47ace7e012b9f7ad71d43ac9063d335ea3d6820b upstream. + +Move blk_queue_make_request() to dm.c:alloc_dev() so that +q->make_request_fn is never NULL during the lifetime of a DM device +(even one that is created without a DM table). + +Otherwise generic_make_request() will crash simply by doing: + dmsetup create -n test + mount /dev/dm-N /mnt + +While at it, move ->congested_data initialization out of +dm.c:alloc_dev() and into the bio-based specific init method. + +Reported-by: Stefan Bader +BugLink: https://bugs.launchpad.net/bugs/1860231 +Fixes: ff36ab34583a ("dm: remove request-based logic from make_request_fn wrapper") +Depends-on: c12c9a3c3860c ("dm: various cleanups to md->queue initialization code") +Cc: stable@vger.kernel.org +Signed-off-by: Mike Snitzer +[smb: adjusted for context and dm_init_md_queue() exitsting in older + kernels, and congested_data embedded in backing_dev_info, and + dm_init_normal_md_queue() was called dm_init_old_md_queue()] +Signed-off-by: Stefan Bader +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/dm.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/drivers/md/dm.c ++++ b/drivers/md/dm.c +@@ -2293,7 +2293,6 @@ static void dm_init_md_queue(struct mapp + * - must do so here (in alloc_dev callchain) before queue is used + */ + md->queue->queuedata = md; +- md->queue->backing_dev_info.congested_data = md; + } + + static void dm_init_old_md_queue(struct mapped_device *md) +@@ -2304,6 +2303,7 @@ static void dm_init_old_md_queue(struct + /* + * Initialize aspects of queue that aren't relevant for blk-mq + */ ++ md->queue->backing_dev_info.congested_data = md; + md->queue->backing_dev_info.congested_fn = dm_any_congested; + blk_queue_bounce_limit(md->queue, BLK_BOUNCE_ANY); + } +@@ -2386,6 +2386,12 @@ static struct mapped_device *alloc_dev(i + goto bad; + + dm_init_md_queue(md); ++ /* ++ * default to bio-based required ->make_request_fn until DM ++ * table is loaded and md->type established. If request-based ++ * table is loaded: blk-mq will override accordingly. ++ */ ++ blk_queue_make_request(md->queue, dm_make_request); + + md->disk = alloc_disk(1); + if (!md->disk) +@@ -2849,7 +2855,6 @@ int dm_setup_md_queue(struct mapped_devi + break; + case DM_TYPE_BIO_BASED: + dm_init_old_md_queue(md); +- blk_queue_make_request(md->queue, dm_make_request); + /* + * DM handles splitting bios as needed. Free the bio_split bioset + * since it won't be used (saves 1 process per bio-based DM device). diff --git a/queue-4.4/series b/queue-4.4/series index b9e5534abf5..c6a43106857 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -88,3 +88,4 @@ mwifiex-fix-possible-buffer-overflows-in-mwifiex_ret.patch mwifiex-fix-possible-buffer-overflows-in-mwifiex_cmd.patch libertas-don-t-exit-from-lbs_ibss_join_existing-with.patch libertas-make-lbs_ibss_join_existing-return-error-co.patch +dm-fix-potential-for-q-make_request_fn-null-pointer.patch