diff options
author | Ming Lei <ming.lei@redhat.com> | 2022-10-27 16:57:09 +0800 |
---|---|---|
committer | Jens Axboe <axboe@kernel.dk> | 2022-10-27 07:15:44 -0600 |
commit | 2d87d455ead2cbdee7e60463cddc5bff3f98c912 (patch) | |
tree | 8aea8eae84f797a115d2e2e3508c207d80c31017 /lib/test_fortify/write_overflow-strncpy.c | |
parent | 7f21735ffb2648a29e0fc79c4bdcb1b9ed8602cd (diff) |
blk-mq: don't add non-pt request with ->end_io to batch
dm-rq implements ->end_io callback for request issued to underlying queue,
and it isn't passthrough request.
Commit ab3e1d3bbab9 ("block: allow end_io based requests in the completion
batch handling") doesn't clear rq->bio and rq->__data_len for request
with ->end_io in blk_mq_end_request_batch(), and this way is actually
dangerous, but so far it is only for nvme passthrough request.
dm-rq needs to clean up remained bios in case of partial completion,
and req->bio is required, then use-after-free is triggered, so the
underlying clone request can't be completed in blk_mq_end_request_batch.
Fix panic by not adding such request into batch list, and the issue
can be triggered simply by exposing nvme pci to dm-mpath simply.
Fixes: ab3e1d3bbab9 ("block: allow end_io based requests in the completion batch handling")
Cc: dm-devel@redhat.com
Cc: Mike Snitzer <snitzer@kernel.org>
Reported-by: Changhui Zhong <czhong@redhat.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20221027085709.513175-1-ming.lei@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'lib/test_fortify/write_overflow-strncpy.c')
0 files changed, 0 insertions, 0 deletions