Commit a9d49f94, author: Li Nan, committer: Zheng Zengkai

bfq: fix null-ptr-deref in bfq_pd_offline

hulk inclusion
category: bugfix
bugzilla: 188174, https://gitee.com/openeuler/kernel/issues/I677QO
CVE: NA

--------------------------------

bfqg->bfqd is assigned in bfq_pd_init(). bfqg may be allocated but not
initialized when bfq_pd_alloc() returns NULL in blkcg_activate_policy().
queue_lock is unlocked now, and deleting the cgroup at this time will cause an error.

  T1					T2
  bfq_init_queue
   bfq_create_group_hierarchy
    blkcg_activate_policy
     traverse q->blkg_list
      1)pd_alloc_fn success
         blkg->pd[pol->plid] = pd
      2)pd_alloc_fn fail
         spin_unlock_irq(&q->queue_lock)
	  -> 1)is alloced but not init
					blkcg_destroy_blkgs
  					 blkg_destroy
  					  if blkg->pd[i]
  					   bfq_pd_offline
  					    use bfqg->bfqd -> error
Signed-off-by: Li Nan <linan122@huawei.com>
Reviewed-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
Parent 9da915fa
...@@ -911,6 +911,9 @@ static void bfq_pd_offline(struct blkg_policy_data *pd) ...@@ -911,6 +911,9 @@ static void bfq_pd_offline(struct blkg_policy_data *pd)
unsigned long flags; unsigned long flags;
int i; int i;
if (!bfqg->online)
return;
spin_lock_irqsave(&bfqd->lock, flags); spin_lock_irqsave(&bfqd->lock, flags);
if (!entity) /* root group */ if (!entity) /* root group */
......
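Review bot: the new `if (!bfqg->online) return;` ahead of `spin_lock_irqsave(&bfqd->lock, flags)` carries no comment naming the state it guards against, and it reads `online` with no lock held. The commit message says the group can be allocated without bfq_pd_init() having run, so the check is only sound if `online` is guaranteed to be false in that state; the allocation path is not visible in this hunk, so please confirm the structure is zero-initialised when allocated, or set `online` explicitly there. A one-line comment above the check stating that an allocated-but-uninitialised group has no valid `bfqg->bfqd` would keep the early return from being removed later as redundant.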