Public bug reported:
BugLink: https://bugs.launchpad.net/bugs/2104326
[Impact]
Removing the floppy kernel module with "modprobe -r floppy" causes the
following:
[ 26.594748] Floppy drive(s): fd0 is 2.88M AMI BIOS
[ 26.615036] FDC 0 is a S82078B
[ 37.356072] BUG: kernel NULL pointer dereference, address: 0000000000000030
[ 37.356898] #PF: supervisor read access in kernel mode
[ 37.357306] #PF: error_code(0x0000) - not-present page
[ 37.357671] PGD 0 P4D 0
[ 37.357873] Oops: 0000 [#1] SMP NOPTI
[ 37.358143] CPU: 1 PID: 1005 Comm: modprobe Not tainted 5.15.0-135-generic #146-Ubuntu
[ 37.358715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 37.359333] RIP: 0010:blk_mq_cancel_work_sync+0x5/0x60
[ 37.359718] Code: 00 00 89 45 d0 89 de e8 d9 8b 09 00 8b 45 d0 e9 71 ff ff ff b8 ea ff ff ff eb 94 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 <48> 83 7f 30 00 74 49 55 48 89 e5 41 54 49 89 fc 48 8d bf 60 05 00
[ 37.360912] RSP: 0018:ffffb9cb00b87d70 EFLAGS: 00010246
[ 37.361273] RAX: ffff95f905452908 RBX: ffff95f90d38c900 RCX: 0000000082000101
[ 37.361746] RDX: 00000000820001bf RSI: ffffffffa8a92b36 RDI: 0000000000000000
[ 37.362219] RBP: ffffb9cb00b87d80 R08: 0000000000000001 R09: 0000000000000000
[ 37.362697] R10: 0000000000000001 R11: ffff000000000000 R12: ffff95f9054525c0
[ 37.363169] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 37.363655] FS: 00007f0a711c4c40(0000) GS:ffff96005fc40000(0000) knlGS:0000000000000000
[ 37.364192] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 37.364586] CR2: 0000000000000030 CR3: 000000010fcb0000 CR4: 0000000000750ee0
[ 37.365063] PKRU: 55555554
[ 37.365276] Call Trace:
[ 37.365474] <TASK>
[ 37.365649] ? show_trace_log_lvl+0x1d6/0x2ea
[ 37.365961] ? show_trace_log_lvl+0x1d6/0x2ea
[ 37.366275] ? device_release+0x38/0xa0
[ 37.366555] ? show_regs.part.0+0x23/0x29
[ 37.366857] ? __die_body.cold+0x8/0xd
[ 37.367143] ? __die+0x2b/0x37
[ 37.367382] ? page_fault_oops+0x13b/0x170
[ 37.367682] ? do_user_addr_fault+0x313/0x640
[ 37.367991] ? fsnotify_destroy_marks+0x2a/0x150
[ 37.368322] ? __call_rcu+0xa8/0x270
[ 37.368592] ? exc_page_fault+0x77/0x170
[ 37.368882] ? asm_exc_page_fault+0x27/0x30
[ 37.369190] ? device_release+0x26/0xa0
[ 37.369471] ? blk_mq_cancel_work_sync+0x5/0x60
[ 37.369792] ? disk_release+0x31/0x80
[ 37.370060] device_release+0x38/0xa0
[ 37.370337] kobject_cleanup+0x3e/0x150
[ 37.370623] kobject_put+0x5b/0x80
[ 37.370881] put_device+0x13/0x20
[ 37.371133] put_disk+0x1b/0x30
[ 37.371379] floppy_module_exit+0x34b/0x105d [floppy]
[ 37.371740] __do_sys_delete_module.constprop.0+0x184/0x290
[ 37.372140] ? syscall_exit_to_user_mode+0x2c/0x50
[ 37.372492] ? x64_sys_call+0x1dba/0x1fa0
[ 37.372785] ? do_syscall_64+0x63/0xb0
[ 37.373058] __x64_sys_delete_module+0x12/0x20
[ 37.373421] x64_sys_call+0x16cf/0x1fa0
[ 37.373720] do_syscall_64+0x56/0xb0
[ 37.374001] ? syscall_exit_to_user_mode+0x2c/0x50
[ 37.374339] ? x64_sys_call+0x1a55/0x1fa0
[ 37.374624] ? do_syscall_64+0x63/0xb0
[ 37.374891] ? x64_sys_call+0x1de6/0x1fa0
[ 37.375180] ? clear_bhb_loop+0x45/0xa0
[ 37.375469] ? clear_bhb_loop+0x45/0xa0
[ 37.375741] ? clear_bhb_loop+0x45/0xa0
[ 37.376013] ? clear_bhb_loop+0x45/0xa0
[ 37.376292] ? clear_bhb_loop+0x45/0xa0
[ 37.376568] entry_SYSCALL_64_after_hwframe+0x6c/0xd6
[ 37.376913] RIP: 0033:0x7f0a712ecaeb
[ 37.377176] Code: 73 01 c3 48 8b 0d 45 33 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 15 33 0f 00 f7 d8 64 89 01 48
[ 37.378351] RSP: 002b:00007ffc33b3bc48 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0
[ 37.378870] RAX: ffffffffffffffda RBX: 00005615695dbe30 RCX: 00007f0a712ecaeb
[ 37.379368] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 00005615695dbe98
[ 37.379837] RBP: 00005615695dbe30 R08: 0000000000000000 R09: 0000000000000000
[ 37.380308] R10: 00007f0a71384ac0 R11: 0000000000000206 R12: 00005615695dbe98
[ 37.380785] R13: 0000000000000000 R14: 00005615695dbe98 R15: 00007ffc33b3df78
[ 37.381256] </TASK>
[ 37.381438] Modules linked in: floppy(-) isofs intel_rapl_msr intel_rapl_common binfmt_misc nls_iso8859_1 kvm_intel kvm rapl joydev input_leds serio_raw mac_hid qemu_fw_cfg sch_fq_codel dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua drm efi_pstore ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel sha256_ssse3 sha1_ssse3 aesni_intel i2c_i801 crypto_simd xhci_pci virtio_net ahci net_failover cryptd i2c_smbus psmouse libahci virtio_scsi lpc_ich virtio_blk virtio_rng xhci_pci_renesas failover
[ 37.385136] CR2: 0000000000000030
[ 37.385412] ---[ end trace 09bc3a6935dc73e0 ]---
[ 37.385730] RIP: 0010:blk_mq_cancel_work_sync+0x5/0x60
[ 37.386080] Code: 00 00 89 45 d0 89 de e8 d9 8b 09 00 8b 45 d0 e9 71 ff ff ff b8 ea ff ff ff eb 94 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 <48> 83 7f 30 00 74 49 55 48 89 e5 41 54 49 89 fc 48 8d bf 60 05 00
[ 37.387332] RSP: 0018:ffffb9cb00b87d70 EFLAGS: 00010246
[ 37.387702] RAX: ffff95f905452908 RBX: ffff95f90d38c900 RCX: 0000000082000101
[ 37.388179] RDX: 00000000820001bf RSI: ffffffffa8a92b36 RDI: 0000000000000000
[ 37.388646] RBP: ffffb9cb00b87d80 R08: 0000000000000001 R09: 0000000000000000
[ 37.389126] R10: 0000000000000001 R11: ffff000000000000 R12: ffff95f9054525c0
[ 37.389607] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 37.390073] FS: 00007f0a711c4c40(0000) GS:ffff96005fc40000(0000) knlGS:0000000000000000
[ 37.390620] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 37.391005] CR2: 0000000000000030 CR3: 000000010fcb0000 CR4: 0000000000750ee0
[ 37.391478] PKRU: 55555554
This can be reproduced simply on a VM with a floppy disk attached. It only
happens on the 5.15 kernel, because of a change in the kernel's internal
structures.
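Reading an oops like the one above is mostly a matter of correlating three things: the reported fault address, the register file, and the instruction the kernel marks with `<..>` in the Code: line. The following triage helper is an added example and is not part of the bug report or of any Ubuntu or kernel tooling. It feeds the relevant lines of this oops (constructed here as an inline sample, re-joined as the kernel printed them) through a small parser, decodes the faulting instruction, and checks that the zero base register, the displacement and CR2 agree. The decoder is an assumption on my part that covers only the instruction form this oops needs (opcode 0x83 group-1 arithmetic with a base register and an 8-bit displacement, optionally REX-prefixed); it is not a general x86-64 disassembler.

```python
"""Triage helper for an x86-64 kernel NULL-pointer oops.

Pulls the fault address, the faulting instruction bytes (the <..>-marked
byte in the Code: line), the register file and the reliable call-trace
frames out of the oops text, decodes the faulting instruction and checks
that registers, CR2 and the reported address tell one consistent story.
"""
import re

# Constructed sample: the relevant lines of the oops quoted in the bug
# report, re-joined onto single lines as the kernel printed them.
SAMPLE_OOPS = """\
[   37.356072] BUG: kernel NULL pointer dereference, address: 0000000000000030
[   37.356898] #PF: supervisor read access in kernel mode
[   37.359333] RIP: 0010:blk_mq_cancel_work_sync+0x5/0x60
[   37.359718] Code: 00 00 89 45 d0 89 de e8 d9 8b 09 00 8b 45 d0 e9 71 ff ff ff b8 ea ff ff ff eb 94 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 <48> 83 7f 30 00 74 49 55 48 89 e5 41 54 49 89 fc 48 8d bf 60 05 00
[   37.360912] RSP: 0018:ffffb9cb00b87d70 EFLAGS: 00010246
[   37.361273] RAX: ffff95f905452908 RBX: ffff95f90d38c900 RCX: 0000000082000101
[   37.361746] RDX: 00000000820001bf RSI: ffffffffa8a92b36 RDI: 0000000000000000
[   37.364586] CR2: 0000000000000030 CR3: 000000010fcb0000 CR4: 0000000000750ee0
[   37.365276] Call Trace:
[   37.369792]  ? disk_release+0x31/0x80
[   37.370060]  device_release+0x38/0xa0
[   37.370337]  kobject_cleanup+0x3e/0x150
[   37.370623]  kobject_put+0x5b/0x80
[   37.370881]  put_device+0x13/0x20
[   37.371133]  put_disk+0x1b/0x30
[   37.371379]  floppy_module_exit+0x34b/0x105d [floppy]
"""

REG_RE = re.compile(
    r"\b(R[A-D]X|R[SD]I|R[BS]P|R1[0-5]|R[89]|CR[234]): ([0-9a-f]{16})\b")
FRAME_RE = re.compile(r"\]\s+(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

# Opcode 0x83 is the "group 1" immediate-8 arithmetic group; the ModRM reg
# field selects the operation. Register numbering follows the x86-64 encoding.
GROUP1 = ["add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"]
REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
          "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]


def parse_oops(text):
    """Extract fault address, RIP symbol, Code: bytes, registers and frames."""
    info = {"regs": {}, "trace": [], "fault_addr": None, "code": [],
            "fault_idx": None, "rip_sym": None}
    m = re.search(r"NULL pointer dereference, address: ([0-9a-f]+)", text)
    if m:
        info["fault_addr"] = int(m.group(1), 16)
    m = re.search(r"RIP: \w+:(\S+)\+0x[0-9a-f]+/0x[0-9a-f]+", text)
    if m:
        info["rip_sym"] = m.group(1)
    m = re.search(r"Code: (.*)", text)
    if m:
        for i, tok in enumerate(m.group(1).split()):
            if tok.startswith("<"):          # <xx> marks the byte RIP points at
                info["fault_idx"] = i
            info["code"].append(int(tok.strip("<>"), 16))
    for name, val in REG_RE.findall(text):
        info["regs"][name.lower()] = int(val, 16)
    for line in text.splitlines():
        fm = FRAME_RE.search(line)
        if fm:                               # (symbol, is_unreliable_guess)
            info["trace"].append((fm.group(2), fm.group(1) is not None))
    return info


def decode_group1_imm8(code):
    """Decode one instruction form only (assumed sufficient for this oops):
    [REX] 83 /r with mod=01, i.e. a base register plus an 8-bit displacement,
    e.g. 48 83 7f 30 00 -> cmpq $0x0, 0x30(%rdi). Returns
    (mnemonic, base_reg, disp, imm) or None if the bytes are another form."""
    i, rex = 0, 0
    if 0x40 <= code[i] <= 0x4F:
        rex, i = code[i], i + 1
    if code[i] != 0x83:
        return None
    modrm = code[i + 1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 1 or rm == 4:                  # only disp8 with a plain base (no SIB)
        return None
    base = REGS64[rm | ((rex & 1) << 3)]     # REX.B extends the base register
    disp = code[i + 2] - 256 if code[i + 2] > 127 else code[i + 2]
    imm = code[i + 3] - 256 if code[i + 3] > 127 else code[i + 3]
    suffix = "q" if rex & 8 else "l"         # REX.W selects 64-bit operands
    return GROUP1[reg] + suffix, base, disp, imm


def explain_null_deref(text):
    """Correlate the decoded faulting instruction with the register file."""
    info = parse_oops(text)
    result = {"symbol": info["rip_sym"], "fault_addr": info["fault_addr"],
              "cr2": info["regs"].get("cr2"), "insn": None, "consistent": False,
              "culprit_frames": [s for s, unsure in info["trace"] if not unsure]}
    insn = decode_group1_imm8(info["code"][info["fault_idx"]:])
    if insn:
        mnem, base, disp, imm = insn
        base_val = info["regs"].get(base)
        result["insn"] = f"{mnem} ${imm:#x}, {disp:#x}(%{base})"
        result["base_reg"], result["base_val"] = base, base_val
        # A NULL-pointer field access: base register is 0 and 0 + disp is
        # exactly the address the CPU faulted on (CR2) and the one reported.
        result["consistent"] = (base_val is not None and
                                base_val + disp == info["fault_addr"] == result["cr2"])
    return result


if __name__ == "__main__":
    for key, val in explain_null_deref(SAMPLE_OOPS).items():
        print(f"{key}: {val}")
```

For this oops the helper decodes the marked bytes as `cmpq $0x0, 0x30(%rdi)` with RDI equal to zero, so the kernel was reading a field at offset 0x30 of a NULL pointer passed as the first argument to blk_mq_cancel_work_sync(); the reliable frames (those without the `?` prefix) place that call under put_disk() in floppy_module_exit, which is exactly the queue-already-gone-at-put_disk situation the fix below describes.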
[Fix]
This upstream commit fixes it:
commit 2598a2bb357d64baaa94368133ddbc900b9eb246
Author: Luis Chamberlain <[email protected]>
Date: Mon Sep 27 15:02:50 2021 -0700
floppy: fix add_disk() assumption on exit due to new developments
After the patch titled "floppy: use blk_mq_alloc_disk and
blk_cleanup_disk" the floppy driver was modified to allocate
the blk_mq_alloc_disk() which allocates the disk with the
queue. This is further clarified later with the patch titled
"block: remove alloc_disk and alloc_disk_node". This clarifies
that:
Most drivers should use and have been converted to use
blk_alloc_disk and blk_mq_alloc_disk. Only the scsi
ULPs and dasd still allocate a disk separately from the
request_queue so don't bother with convenience macros for
something that should not see significant new users and
remove these wrappers.
And then we have the patch titled, "block: hold a request_queue
reference for the lifetime of struct gendisk" which ensures
that a queue is *always* present for sure during the entire
lifetime of a disk.
In the floppy driver's case then the disk always comes with the
queue. So even if the queue was cleaned up on exit, putting
the disk *is* still required, and likewise, blk_cleanup_queue() on
a null queue should not happen now as disk->queue is valid from
disk allocation time on.
Automatic backport code scrapers should hopefully not cherry pick
this patch as a stable fix candidate without full due diligence to
ensure all the work done on the block layer to make this happen is
merged first.
Signed-off-by: Luis Chamberlain <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jens Axboe <[email protected]>
The floppy driver now uses blk_mq_alloc_disk(), which guarantees a valid
queue for the disk's lifetime. The fix therefore drops the conditional
queue cleanup on exit and keeps the put_disk() call, which is still
required to release the disk.
[Testcase]
Create a VM with a floppy disk attached, remove the floppy module with
"modprobe -r floppy", and check the kernel logs for the NULL pointer
dereference.
[Where problems can occur]
If something is wrong in this commit, removing the floppy module might
cause issues, but it won't affect the whole system, and floppy drives are
rarely used nowadays.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2104326
Title:
Remove floppy kernel module causes null pointer dereference
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2104326/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs