sst-linux/block
Acs, Jakub 7400fa1729 block, bfq: fix re-introduced UAF in bic_set_bfqq()
Commit eca0025faa ("block, bfq: split sync bfq_queues on a
per-actuator basis"), which is a backport of 9778369a2d6c5e ("block,
bfq: split sync bfq_queues on a per-actuator basis"), re-introduces the UAF
bug originally fixed by b600de2d7d3a16 ("block, bfq: fix uaf for bfqq in
bic_set_bfqq()") and backported to 6.1 in cb1876fc33 ("block, bfq:
fix uaf for bfqq in bic_set_bfqq()").

bfq_release_process_ref() may release the sync_bfqq variable, which
points to the same bfqq as the bic->bfqq member for the call context from
__bfq_bic_change_cgroup(). bic_set_bfqq() then accesses the bic->bfqq member,
which leads to the UAF condition.

Fix this by bringing the incriminated function calls back in the correct
order.

Fixes: eca0025faa ("block, bfq: split sync bfq_queues on a per-actuator basis")
Signed-off-by: Jakub Acs <acsjakub@amazon.de>
Cc: Hagar Hemdan <hagarhem@amazon.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-03-28 21:59:02 +01:00
partitions block: fix conversion of GPT partition name to 7-bit 2025-03-13 12:53:15 +01:00
badblocks.c
bdev.c
bfq-cgroup.c block, bfq: fix re-introduced UAF in bic_set_bfqq() 2025-03-28 21:59:02 +01:00
bfq-iosched.c block, bfq: fix bfqq uaf in bfq_limit_depth() 2025-03-07 16:56:41 +01:00
bfq-iosched.h block, bfq: split sync bfq_queues on a per-actuator basis 2025-03-07 16:56:41 +01:00
bfq-wf2q.c
bio-integrity.c block: initialize integrity buffer to zero before writing it to media 2024-08-03 08:48:53 +02:00
bio.c block: fix 'kmem_cache of name 'bio-108' already exists' 2025-03-28 21:58:53 +01:00
blk-cgroup-fc-appid.c
blk-cgroup-rwstat.c
blk-cgroup-rwstat.h
blk-cgroup.c blk-cgroup: Fix class @block_class's subsystem refcount leakage 2025-02-21 13:49:41 +01:00
blk-cgroup.h
blk-core.c block: Fix where bio IO priority gets set 2024-09-30 16:23:50 +02:00
blk-crypto-fallback.c
blk-crypto-internal.h
blk-crypto-profile.c
blk-crypto-sysfs.c
blk-crypto.c
blk-flush.c
blk-ia-ranges.c
blk-integrity.c blk-integrity: register sysfs attributes on struct device 2024-10-17 15:21:48 +02:00
blk-ioc.c
blk-iocost.c blk-iocost: Avoid using clamp() on inuse in __propagate_weights() 2024-12-19 18:08:57 +01:00
blk-iolatency.c
blk-ioprio.c
blk-ioprio.h
blk-lib.c
blk-map.c block: fix sanity checks in blk_rq_map_user_bvec 2024-11-08 16:26:45 +01:00
blk-merge.c block: fix bio_split_rw_at to take zone_write_granularity into account 2024-12-14 19:53:15 +01:00
blk-mq-cpumap.c
blk-mq-debugfs-zoned.c
blk-mq-debugfs.c
blk-mq-debugfs.h
blk-mq-pci.c
blk-mq-rdma.c
blk-mq-sched.c
blk-mq-sched.h
blk-mq-sysfs.c
blk-mq-tag.c block: Fix lockdep warning in blk_mq_mark_tag_wait 2024-08-29 17:30:33 +02:00
blk-mq-tag.h
blk-mq-virtio.c
blk-mq.c blk-mq: register cpuhp callback after hctx is added to xarray table 2025-01-02 10:30:52 +01:00
blk-mq.h block: fix ordering between checking BLK_MQ_S_STOPPED request adding 2024-12-14 19:54:04 +01:00
blk-pm.c
blk-pm.h
blk-rq-qos.c blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race 2024-10-22 15:56:45 +02:00
blk-rq-qos.h
blk-settings.c
blk-stat.c
blk-stat.h
blk-sysfs.c block: fix uaf for flush rq while iterating tags 2025-01-23 17:17:16 +01:00
blk-throttle.c
blk-throttle.h
blk-timeout.c
blk-wbt.c
blk-wbt.h
blk-zoned.c
blk.h blk-integrity: register sysfs attributes on struct device 2024-10-17 15:21:48 +02:00
bounce.c
bsg-lib.c
bsg.c
disk-events.c
elevator.c block: Fix elevator_get_default() checking for NULL q->tag_set 2024-11-17 15:07:20 +01:00
elevator.h
fops.c block: don't revert iter for -EIOCBQUEUED 2025-02-21 13:49:45 +01:00
genhd.c block: retry call probe after request_module in blk_request_module 2025-02-21 13:48:53 +01:00
holder.c
ioctl.c block: fix integer overflow in BLKSECDISCARD 2025-02-01 18:30:09 +01:00
ioprio.c
Kconfig
Kconfig.iosched
kyber-iosched.c
Makefile
mq-deadline.c block/mq-deadline: Fix the tag reservation code 2024-08-14 13:53:02 +02:00
opal_proto.h
sed-opal.c
t10-pi.c