[ Sasha's backport helper bot ]
Hi,
The upstream commit SHA1 provided is correct: 3802f73bd80766d70f319658f334754164075bc3
WARNING: Author mismatch between patch and upstream commit:
Backport author: hsimeliere.opensource@witekio.com
Commit author: Yu Kuai <yukuai3@huawei.com>
Status in newer kernel trees:
6.12.y | Present (different SHA1: 61092568f2a9)
6.6.y | Not found
Note: The patch differs from the upstream commit: --- 1: 3802f73bd8076 ! 1: e56389adaaf72 block: fix uaf for flush rq while iterating tags @@ Metadata ## Commit message ## block: fix uaf for flush rq while iterating tags
+ [ Upstream commit 3802f73bd80766d70f319658f334754164075bc3 ] + blk_mq_clear_flush_rq_mapping() is not called during scsi probe, by checking blk_queue_init_done(). However, QUEUE_FLAG_INIT_DONE is cleared in del_gendisk by commit aec89dc5d421 ("block: keep q_usage_counter in @@ Commit message Reviewed-by: Ming Lei ming.lei@redhat.com Link: https://lore.kernel.org/r/20241104110005.1412161-1-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe axboe@kernel.dk + Signed-off-by: BRUNO VERNAY bruno.vernay@se.com + Signed-off-by: Hugo SIMELIERE hsimeliere.opensource@witekio.com
## block/blk-sysfs.c ## @@ block/blk-sysfs.c: int blk_register_queue(struct gendisk *disk) @@ block/genhd.c: void del_gendisk(struct gendisk *disk) - } + else if (queue_is_mq(q)) + blk_mq_exit_queue(q); + } + EXPORT_SYMBOL(del_gendisk);
- if (start_drain) - blk_unfreeze_release_lock(q, true, queue_dying); ---
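Review bot: in the block/genhd.c part of this range-diff, the lines `if (start_drain)` and `blk_unfreeze_release_lock(q, true, queue_dying);` carry a `-` marker, so the backport differs from upstream around del_gendisk(), yet the commit message only gains the `[ Upstream commit ... ]` line and two Signed-off-by tags. A short bracketed note above the new sign-offs saying what was adapted for this tree would let reviewers tell a context-only difference from a behavioural one. The author mismatch flagged in the warning above also points at a missing From: line naming the upstream author.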
Results of testing on various branches:
| Branch                    | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-6.6.y        | Success     | Success    |
| stable/linux-6.1.y        | Success     | Success    |