From: Greg Kroah-Hartman
Date: Tue, 6 Jan 2026 15:06:36 +0000 (+0100)
Subject: 6.12-stable patches
X-Git-Tag: v6.12.64~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b0c8c1ec3cd56673d47ab2dfb8ec8d8fecbecb44;p=thirdparty%2Fkernel%2Fstable-queue.git

6.12-stable patches added patches: block-fix-null-pointer-dereference-in-blk_zone_reset_all_bio_endio.patch
---
diff --git a/queue-6.12/block-fix-null-pointer-dereference-in-blk_zone_reset_all_bio_endio.patch b/queue-6.12/block-fix-null-pointer-dereference-in-blk_zone_reset_all_bio_endio.patch
new file mode 100644
index 0000000000..7bad2b7ef4
--- /dev/null
+++ b/queue-6.12/block-fix-null-pointer-dereference-in-blk_zone_reset_all_bio_endio.patch
@@ -0,0 +1,64 @@
+From c2b8d20628ca789640f64074a642f9440eefc623 Mon Sep 17 00:00:00 2001
+From: Damien Le Moal
+Date: Thu, 13 Nov 2025 22:40:26 +0900
+Subject: block: fix NULL pointer dereference in blk_zone_reset_all_bio_endio()
+
+From: Damien Le Moal
+
+commit c2b8d20628ca789640f64074a642f9440eefc623 upstream.
+
+For zoned block devices that do not need zone write plugs (e.g. most
+device mapper devices that support zones), the disk hash table of zone
+write plugs is NULL. For such devices, blk_zone_reset_all_bio_endio()
+should not attempt to scan this has table as that causes a NULL pointer
+dereference.
+
+Fix this by checking that the disk does have zone write plugs using the
+atomic counter. This is equivalent to checking for a non-NULL hash table
+but has the advantage to also speed up the execution of
+blk_zone_reset_all_bio_endio() for devices that do use zone write plugs
+but do not have any plug in the hash table (e.g. a disk with only full
+zones).
+
+Fixes: efae226c2ef1 ("block: handle zone management operations completions")
+Reported-by: Shin'ichiro Kawasaki
+Signed-off-by: Damien Le Moal
+Reviewed-by: Christoph Hellwig
+Signed-off-by: Jens Axboe
+Signed-off-by: Greg Kroah-Hartman
+---
+ block/blk-zoned.c | 21 ++++++++++++---------
+ 1 file changed, 12 insertions(+), 9 deletions(-)
+
+--- a/block/blk-zoned.c
++++ b/block/blk-zoned.c
+@@ -746,17 +746,20 @@ static void blk_zone_reset_all_bio_endio
+ unsigned long flags;
+ unsigned int i;
+
+- /* Update the condition of all zone write plugs. */
+- rcu_read_lock();
+- for (i = 0; i < disk_zone_wplugs_hash_size(disk); i++) {
+- hlist_for_each_entry_rcu(zwplug, &disk->zone_wplugs_hash[i],
+- node) {
+- spin_lock_irqsave(&zwplug->lock, flags);
+- disk_zone_wplug_set_wp_offset(disk, zwplug, 0);
+- spin_unlock_irqrestore(&zwplug->lock, flags);
++ if (atomic_read(&disk->nr_zone_wplugs)) {
++ /* Update the condition of all zone write plugs. */
++ rcu_read_lock();
++ for (i = 0; i < disk_zone_wplugs_hash_size(disk); i++) {
++ hlist_for_each_entry_rcu(zwplug,
++ &disk->zone_wplugs_hash[i],
++ node) {
++ spin_lock_irqsave(&zwplug->lock, flags);
++ disk_zone_wplug_set_wp_offset(disk, zwplug, 0);
++ spin_unlock_irqrestore(&zwplug->lock, flags);
++ }
+ }
++ rcu_read_unlock();
+ }
+- rcu_read_unlock();
+ }
+
+ static void blk_zone_finish_bio_endio(struct bio *bio)
diff --git a/queue-6.12/series b/queue-6.12/series
index 32226bb270..14a4d3a3c7 100644
--- a/queue-6.12/series
+++ b/queue-6.12/series
@@ -565,3 +565,4 @@ mm-damon-tests-core-kunit-handle-alloc-failures-on-damon_test_split_regions_of.p
 mm-damon-tests-core-kunit-handle-alloc-failres-in-damon_test_new_filter.patch
 mm-damon-tests-vaddr-kunit-handle-alloc-failures-on-damon_do_test_apply_three_regions.patch
 iomap-allocate-s_dio_done_wq-for-async-reads-as-well.patch
+block-fix-null-pointer-dereference-in-blk_zone_reset_all_bio_endio.patch
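Review bot: The new `if (atomic_read(&disk->nr_zone_wplugs))` guard in blk_zone_reset_all_bio_endio() (block/blk-zoned.c, the hunk at -746 inside the queued patch) is the only thing keeping the loop from indexing a NULL `disk->zone_wplugs_hash`, yet the code carries no comment saying so and the check reads like a pure fast-path optimisation. The commit message asserts that a non-zero counter is equivalent to a non-NULL hash table, but that invariant is not visible in these lines, so I would record it above the guard, e.g. `/* zone_wplugs_hash is NULL for disks without zone write plugs; nr_zone_wplugs is non-zero only when the table exists. */`. Without it, a later cleanup that drops the check as redundant would reintroduce the NULL pointer dereference in the bio completion path. The function begins above the hunk, so how `disk` and `zwplug` are obtained cannot be checked from here.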