diff --git a/patches.suse/scsi-target-pscsi-Fix-bio_put-for-error-case.patch b/patches.suse/scsi-target-pscsi-Fix-bio_put-for-error-case.patch new file mode 100644 index 0000000..1827c57 --- /dev/null +++ b/patches.suse/scsi-target-pscsi-Fix-bio_put-for-error-case.patch @@ -0,0 +1,48 @@ +From: Naohiro Aota +Date: Wed, 14 Feb 2024 23:43:56 +0900 +Subject: scsi: target: pscsi: Fix bio_put() for error case +Git-commit: de959094eb2197636f7c803af0943cb9d3b35804 +Patch-mainline: v6.8-rc6 +References: bsc#1222596 cve-2024-267600 + +As of commit 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc +wrapper"), a bio allocated by bio_kmalloc() must be freed by bio_uninit() +and kfree(). That is not done properly for the error case, hitting WARN and +NULL pointer dereference in bio_free(). + +Fixes: 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc wrapper") +CC: stable@vger.kernel.org # 6.1+ +Signed-off-by: Naohiro Aota +Link: https://lore.kernel.org/r/20240214144356.101814-1-naohiro.aota@wdc.com +Reviewed-by: Christoph Hellwig +Reviewed-by: Johannes Thumshirn +Signed-off-by: Martin K. Petersen +Acked-by: Lee Duncan +--- + drivers/target/target_core_pscsi.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/drivers/target/target_core_pscsi.c b/drivers/target/target_core_pscsi.c +index 41b7489d37ce..ed4fd22eac6e 100644 +--- a/drivers/target/target_core_pscsi.c ++++ b/drivers/target/target_core_pscsi.c +@@ -907,12 +907,15 @@ pscsi_map_sg(struct se_cmd *cmd, struct scatterlist *sgl, u32 sgl_nents, + + return 0; + fail: +- if (bio) +- bio_put(bio); ++ if (bio) { ++ bio_uninit(bio); ++ kfree(bio); ++ } + while (req->bio) { + bio = req->bio; + req->bio = bio->bi_next; +- bio_put(bio); ++ bio_uninit(bio); ++ kfree(bio); + } + req->biotail = NULL; + return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; + diff --git a/series.conf b/series.conf index 09f8a0b..b429465 100644 --- a/series.conf +++ b/series.conf @@ -45776,6 +45776,7 @@ patches.suse/ARM-ep93xx-Add-terminator-to-gpiod_lookup_table.patch patches.suse/arm64-dts-rockchip-set-num-cs-property-for-spi-on-px30.patch patches.suse/i2c-imx-when-being-a-target-mark-the-last-read-as-pr.patch + patches.suse/scsi-target-pscsi-Fix-bio_put-for-error-case.patch patches.suse/PCI-MSI-Prevent-MSI-hardware-interrupt-number-truncation.patch patches.suse/x86-bugs-Add-asm-helpers-for-executing-VERW.patch patches.suse/x86-entry_64-Add-VERW-just-before-userspace-transition.patch