WSL2-Linux-Kernel/drivers/mtd
Zhihao Cheng 3afaaf6f58 ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
[ Upstream commit 4d57a7333e ]

The following process will trigger an infinite loop in ubi_wl_put_peb():

	ubifs_bgt		ubi_bgt
ubifs_leb_unmap
  ubi_leb_unmap
    ubi_eba_unmap_leb
      ubi_wl_put_peb	wear_leveling_worker
                          e1 = rb_entry(rb_first(&ubi->used)
			  e2 = get_peb_for_wl(ubi)
			  ubi_io_read_vid_hdr  // return err (flash fault)
			  out_error:
			    ubi->move_from = ubi->move_to = NULL
			    wl_entry_destroy(ubi, e1)
			      ubi->lookuptbl[e->pnum] = NULL
      retry:
        e = ubi->lookuptbl[pnum];	// return NULL
	if (e == ubi->move_from) {	// NULL == NULL gets true
	  goto retry;			// infinite loop !!!

$ top
  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     COMMAND
  7676 root     20   0       0      0      0 R 100.0  0.0  ubifs_bgt0_0

Fix it by:
 1) Letting ubi_wl_put_peb() return directly if the wear-leveling entry has
    been removed from 'ubi->lookuptbl'.
 2) Using 'ubi->wl_lock' to protect wl entry deletion, preventing a
    use-after-free problem for the wl entry in ubi_wl_put_peb().

Fetch a reproducer in [Link].

Fixes: 43f9b25a9c ("UBI: bugfix: protect from volume removal")
Fixes: ee59ba8b06 ("UBI: Fix stale pointers in ubi->lookuptbl")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216111
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-03-11 13:57:26 +01:00
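The interleaving in the commit message, as an added user-space model that is not UBI or kernel code: a lookup table whose slot is cleared by the failed wear-leveling worker, and a put_peb() that either reproduces the original `e == ubi->move_from` retry check (where NULL == NULL spins forever) or bails out when the entry is already gone. The struct layout, the RETRY_LIMIT bound that makes the buggy path terminate here, and the PUT_* status codes are assumptions made for this illustration; the 'ubi->wl_lock' part of the fix is not modelled, since the calls are sequenced by hand.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example: a single-threaded model of the ubi_wl_put_peb() /
 * wear_leveling_worker() race described in the commit message.
 * Not UBI code; names, RETRY_LIMIT and the PUT_* values are assumptions.
 */

#define MAX_PEBS    8
#define RETRY_LIMIT 1000            /* bound so the buggy path terminates here */

#define PUT_OK          0
#define PUT_ENTRY_GONE -1           /* fixed path: entry destroyed by the worker */
#define PUT_HUNG       -2           /* buggy path: would spin forever (hit RETRY_LIMIT) */

struct wl_entry { int pnum; int ec; };

struct ubi_model {
    struct wl_entry  entries[MAX_PEBS];
    struct wl_entry *lookuptbl[MAX_PEBS];   /* pnum -> entry, NULL once destroyed */
    struct wl_entry *move_from;             /* NULL when no WL move is in flight */
    struct wl_entry *move_to;
};

static void model_init(struct ubi_model *ubi)
{
    memset(ubi, 0, sizeof(*ubi));
    for (int i = 0; i < MAX_PEBS; i++) {
        ubi->entries[i].pnum = i;
        ubi->entries[i].ec = 10 + i;
        ubi->lookuptbl[i] = &ubi->entries[i];
    }
}

/* wear_leveling_worker(): pick e1/e2, then fail reading e1's VID header */
static void wl_worker_fail(struct ubi_model *ubi, int pnum)
{
    struct wl_entry *e1 = ubi->lookuptbl[pnum];
    ubi->move_from = e1;
    ubi->move_to   = ubi->lookuptbl[(pnum + 1) % MAX_PEBS];
    /* ubi_io_read_vid_hdr() fails -> out_error: */
    ubi->move_from = ubi->move_to = NULL;
    ubi->lookuptbl[e1->pnum] = NULL;     /* wl_entry_destroy() */
}

/*
 * ubi_wl_put_peb(): with 'fixed' false, reproduce the original retry check;
 * with 'fixed' true, return early when the entry is already gone.
 */
static int put_peb(struct ubi_model *ubi, int pnum, bool fixed)
{
    int retries = 0;

retry:
    if (retries++ > RETRY_LIMIT)
        return PUT_HUNG;
    struct wl_entry *e = ubi->lookuptbl[pnum];
    if (fixed && !e)
        return PUT_ENTRY_GONE;
    if (e == ubi->move_from)            /* NULL == NULL holds once e1 is destroyed */
        goto retry;                     /* original: unlock, schedule(), relock, retry */
    /* ... normal put path: move e to the used/free/erroneous tree ... */
    return PUT_OK;
}

/* Drive the commit's interleaving (or a race-free put) and return the status. */
static int scenario(bool race, bool fixed)
{
    struct ubi_model ubi;
    model_init(&ubi);
    if (race)
        wl_worker_fail(&ubi, 3);        /* worker destroys PEB 3's entry first */
    return put_peb(&ubi, 3, fixed);
}

int main(void)
{
    printf("no race, original : %d\n", scenario(false, false));
    printf("race,    original : %d\n", scenario(true,  false));
    printf("race,    fixed    : %d\n", scenario(true,  true));
    return 0;
}
```

In the original check, NULL serves double duty: it means both "no entry in lookuptbl" and "no move in flight", so a destroyed entry compares equal to an idle move_from and the retry never makes progress. Testing `!e` before the comparison removes that collision, which is the first half of the fix; the second half (taking 'ubi->wl_lock' around the deletion) is what makes the read of lookuptbl and the comparison consistent under real concurrency.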
chips mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N 2022-06-09 10:23:25 +02:00
devices mtd: devices: docg3: check the return value of devm_ioremap() in the probe 2022-10-26 12:35:09 +02:00
hyperbus mtd: hyperbus: rpc-if: fix bug in rpcif_hb_remove 2022-01-27 11:03:15 +01:00
lpddr mtd: lpddr2_nvm: Fix possible null-ptr-deref 2022-12-31 13:14:10 +01:00
maps mtd: maps: pxa2xx-flash: fix memory leak in probe 2022-12-31 13:14:12 +01:00
nand mtd: rawnand: intel: Add missing of_node_put() in ebu_nand_probe() 2022-11-03 23:59:15 +09:00
parsers mtd: parsers: bcm47xxpart: Fix halfblock reads 2022-11-10 18:15:32 +01:00
spi-nor mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type 2023-03-10 09:40:05 +01:00
tests mtd: tests: Remove redundant assignment to err 2021-05-10 12:48:35 +02:00
ubi ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed 2023-03-11 13:57:26 +01:00
Kconfig mtdblock: Add comment about UBI block devices 2021-08-06 22:05:13 +02:00
Makefile
ftl.c mtd/ftl: don't cast away the type when calling add_mtd_blktrans_dev 2021-08-23 10:01:04 +02:00
inftlcore.c mtd: inftlcore: Use module_mtd_blktrans to register driver 2021-03-11 09:37:48 +01:00
inftlmount.c mtd: inftl: remove unnecessary oom message 2021-06-11 20:44:21 +02:00
mtd_blkdevs.c MTD changes: 2021-09-05 10:50:12 -07:00
mtdblock.c mtdblock: warn if opened on NAND 2022-06-09 10:22:49 +02:00
mtdblock_ro.c mtdblock: Warn if added for a NAND device 2021-08-17 18:41:59 +02:00
mtdchar.c mtd: add OTP (one-time-programmable) erase ioctl 2021-03-28 19:24:54 +02:00
mtdconcat.c mtd: mtdconcat: Check _read, _write callbacks existence before assignment 2021-08-17 18:43:33 +02:00
mtdcore.c mtd: Fix device name leak when register device failed in add_mtd_device() 2022-12-31 13:14:09 +01:00
mtdcore.h
mtdoops.c mtd: mtdoops: remove unnecessary oom message 2021-06-11 20:43:46 +02:00
mtdpart.c mtd: Fixed breaking list in __mtd_del_partition. 2022-01-27 11:02:48 +01:00
mtdpstore.c pstore/blk: Include zone in pstore_device_info 2021-06-16 21:09:31 -07:00
mtdsuper.c
mtdswap.c mtd: mtdswap: Use module_mtd_blktrans to register driver 2021-03-11 09:37:48 +01:00
nftlcore.c mtd: nftlcore: remove set but rewrite variables 2021-05-10 12:11:46 +02:00
nftlmount.c mtd: nftl: remove unnecessary oom message 2021-06-11 20:43:26 +02:00
rfd_ftl.c mtd/rfd_ftl: don't cast away the type when calling add_mtd_blktrans_dev 2021-08-23 10:01:06 +02:00
sm_ftl.c mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release 2022-08-17 14:23:40 +02:00
sm_ftl.h
ssfdc.c