From: Greg Kroah-Hartman
Date: Mon, 5 Jan 2026 14:08:11 +0000 (+0100)
Subject: 6.18-stable patches
X-Git-Tag: v6.12.64~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4d218864b78e51466e4a7b85e3d52d3763b40245;p=thirdparty%2Fkernel%2Fstable-queue.git
6.18-stable patches
added patches:
block-fix-null-pointer-dereference-in-blk_zone_reset_all_bio_endio.patch
---
diff --git a/queue-6.18/block-fix-null-pointer-dereference-in-blk_zone_reset_all_bio_endio.patch b/queue-6.18/block-fix-null-pointer-dereference-in-blk_zone_reset_all_bio_endio.patch
new file mode 100644
index 0000000000..77020c52e3
--- /dev/null
+++ b/queue-6.18/block-fix-null-pointer-dereference-in-blk_zone_reset_all_bio_endio.patch
@@ -0,0 +1,64 @@
+From c2b8d20628ca789640f64074a642f9440eefc623 Mon Sep 17 00:00:00 2001
+From: Damien Le Moal
+Date: Thu, 13 Nov 2025 22:40:26 +0900
+Subject: block: fix NULL pointer dereference in blk_zone_reset_all_bio_endio()
+
+From: Damien Le Moal
+
+commit c2b8d20628ca789640f64074a642f9440eefc623 upstream.
+
+For zoned block devices that do not need zone write plugs (e.g. most
+device mapper devices that support zones), the disk hash table of zone
+write plugs is NULL. For such devices, blk_zone_reset_all_bio_endio()
+should not attempt to scan this has table as that causes a NULL pointer
+dereference.
+
+Fix this by checking that the disk does have zone write plugs using the
+atomic counter. This is equivalent to checking for a non-NULL hash table
+but has the advantage to also speed up the execution of
+blk_zone_reset_all_bio_endio() for devices that do use zone write plugs
+but do not have any plug in the hash table (e.g. a disk with only full
+zones).
+
+Fixes: efae226c2ef1 ("block: handle zone management operations completions")
+Reported-by: Shin'ichiro Kawasaki
+Signed-off-by: Damien Le Moal
+Reviewed-by: Christoph Hellwig
+Signed-off-by: Jens Axboe
+Signed-off-by: Greg Kroah-Hartman
+---
+ block/blk-zoned.c | 21 ++++++++++++---------
+ 1 file changed, 12 insertions(+), 9 deletions(-)
+
+--- a/block/blk-zoned.c
++++ b/block/blk-zoned.c
+@@ -736,17 +736,20 @@ static void blk_zone_reset_all_bio_endio
+ unsigned long flags;
+ unsigned int i;
+
+- /* Update the condition of all zone write plugs. */
+- rcu_read_lock();
+- for (i = 0; i < disk_zone_wplugs_hash_size(disk); i++) {
+- hlist_for_each_entry_rcu(zwplug, &disk->zone_wplugs_hash[i],
+- node) {
+- spin_lock_irqsave(&zwplug->lock, flags);
+- disk_zone_wplug_set_wp_offset(disk, zwplug, 0);
+- spin_unlock_irqrestore(&zwplug->lock, flags);
++ if (atomic_read(&disk->nr_zone_wplugs)) {
++ /* Update the condition of all zone write plugs. */
++ rcu_read_lock();
++ for (i = 0; i < disk_zone_wplugs_hash_size(disk); i++) {
++ hlist_for_each_entry_rcu(zwplug,
++ &disk->zone_wplugs_hash[i],
++ node) {
++ spin_lock_irqsave(&zwplug->lock, flags);
++ disk_zone_wplug_set_wp_offset(disk, zwplug, 0);
++ spin_unlock_irqrestore(&zwplug->lock, flags);
++ }
+ }
++ rcu_read_unlock();
+ }
+- rcu_read_unlock();
+ }
+
+ static void blk_zone_finish_bio_endio(struct bio *bio)
diff --git a/queue-6.18/series b/queue-6.18/series
index 172bfd4bca..157ddb6e60 100644
--- a/queue-6.18/series
+++ b/queue-6.18/series
@@ -303,3 +303,4 @@ drm-pagemap-drm-xe-ensure-that-the-devmem-allocation-is-idle-before-use.patch
 drm-nouveau-dispnv50-don-t-call-drm_atomic_get_crtc_state-in-prepare_fb.patch
 drm-imagination-disallow-exporting-of-pm-fw-protected-objects.patch
 erofs-fix-unexpected-eio-under-memory-pressure.patch
+block-fix-null-pointer-dereference-in-blk_zone_reset_all_bio_endio.patch
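Review bot: The new `if (atomic_read(&disk->nr_zone_wplugs))` guard in blk_zone_reset_all_bio_endio() (queued patch for block/blk-zoned.c) has no comment saying that it is what keeps the loop away from a NULL `disk->zone_wplugs_hash`; the comment kept inside the guard still only says "Update the condition of all zone write plugs". The commit message states that a non-zero counter is equivalent to a non-NULL hash table, but that invariant is not visible in this hunk, so a later change to how the counter is maintained could bring the NULL dereference back in what appears to be a bio completion handler. I would add above the guard something like `/* zone_wplugs_hash is NULL for disks that do not use zone write plugs; nr_zone_wplugs is 0 for them. */`. The function body starts outside the hunk, and because this is a stable backport the comment would need to land upstream first.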