[PATCH openEuler-1.0-LTS] blk-mq: fix null pointer dereference in blk_mq_queue_tag_busy_ite

From: Li Nan <linan122@huawei.com> hulk inclusion category: bugfix bugzilla: 187489, https://gitee.com/openeuler/kernel/issues/I5MKPP CVE: NA -------------------------------- The q->tag_set can be NULL in blk_mq_queue_tag_busy_ite() while queue has not been initialized: CPU0 CPU1 dm_mq_init_request_queue md->tag_set = kzalloc_node blk_mq_init_allocated_queue q->mq_ops = set->ops; diskstats_show part_get_stat_info if(q->mq_ops) blk_mq_in_flight_with_stat blk_mq_queue_tag_busy_ite if (blk_mq_is_shared_tags(q->tag_set->flags)) //q->tag_set is null here q->tag_set = set blk_register_queue blk_queue_flag_set(QUEUE_FLAG_REGISTERED, q) There is same bug when cat /sys/block/[device]/inflight. Fix it by checking the flag 'QUEUE_FLAG_REGISTERED'. Althrough this may cause some io not to be counted temporarily, it doesn't hurt in real user case. Signed-off-by: Li Nan <linan122@huawei.com> Reviewed-by: Jason Yan <yanaijie@huawei.com> Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com> --- block/blk-mq-tag.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/block/blk-mq-tag.c b/block/blk-mq-tag.c index bee92ab06a5e..c24802fe6ab2 100644 --- a/block/blk-mq-tag.c +++ b/block/blk-mq-tag.c @@ -374,6 +374,13 @@ void blk_mq_queue_tag_busy_iter(struct request_queue *q, busy_iter_fn *fn, struct blk_mq_hw_ctx *hctx; int i; + /* + * For dm, it can run here after register_disk, but the queue has not + * been initialized yet. Check QUEUE_FLAG_REGISTERED prevent null point + * access. + */ + if (!test_bit(QUEUE_FLAG_REGISTERED, &q->queue_flags)) + return; /* * __blk_mq_update_nr_hw_queues will update the nr_hw_queues and * queue_hw_ctx after freeze the queue, so we use q_usage_counter -- 2.25.1
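Review bot: the new guard in the hunk returns silently whenever QUEUE_FLAG_REGISTERED is clear, so any caller of blk_mq_queue_tag_busy_iter() on a queue that is not (or no longer) registered gets no iteration and no error, which is wider than the dm initialization window the commit message describes; the block comment should state that in-flight requests are skipped for any unregistered queue, not just "for dm", and `prevent null point access` should read `prevents null pointer access`. The guard also depends on the ordering shown in the commit message (`q->tag_set = set` before blk_register_queue() sets the flag) with no explicit barrier pairing between the writer and this test_bit(); naming the actual invariant with `if (!q->tag_set) return;` (or documenting why the flag ordering is sufficient) would make the guard self-explanatory to the next reader.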