From: Laibin Qiu qiulaibin@huawei.com
hulk inclusion
category: bugfix
bugzilla: 182135
CVE: NA
-------------------------------------------------
blkcg_init_queue
  blk_iolatency_init
    blk_mq_freeze_queue
      blk_throtl_drain <- blk_throtl will be initialized later, so q->td is NULL and triggers this NULL pointer BUG.
  blk_throtl_init
The following is the log of the problem.

------------[ cut here ]------------
[ 8.516269] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
[ 8.516296] RIP: 0010:blk_throtl_drain+0x142/0x760
[ 8.520477] Call Trace:
[ 8.520477] blkcg_drain_queue+0x90/0x120
[ 8.520477] __blk_drain_queue+0x18a/0x760
[ 8.520477] blk_drain_queue+0x45/0x80
[ 8.520477] blk_freeze_queue+0x58/0x70
[ 8.520477] blk_iolatency_init+0xdc/0x3e7
[ 8.520477] blkcg_init_queue+0x214/0x5e0
[ 8.520477] blk_alloc_queue_node+0x826/0xc10
[ 8.520477] ? ramdisk_size+0x27/0x27
[ 8.520477] brd_alloc+0x118/0x540
[ 8.520477] ? ramdisk_size+0x27/0x27
[ 8.520477] brd_init+0x179/0x4be
[ 8.520477] ? do_one_initcall+0x5fe/0x783
[ 8.520477] ? ramdisk_size+0x27/0x27
[ 8.520477] do_one_initcall+0xf7/0x783
[ 8.520477] ? initcall_blacklisted+0x1b0/0x1b0
[ 8.520477] ? __wake_up_common+0x600/0x620
[ 8.520477] ? lock_downgrade+0x720/0x720
[ 8.520477] ? check_preemption_disabled+0x40/0x2a0
[ 8.520477] kernel_init_freeable+0xb34/0xc27
[ 8.520477] ? rest_init+0x41c/0x41c
[ 8.520477] kernel_init+0x10/0x1e0
[ 8.520477] ? rest_init+0x41c/0x41c
[ 8.520477] ret_from_fork+0x24/0x30
[ 8.520477] Modules linked in:
[ 8.520477] Dumping ftrace buffer:
[ 8.520477] (ftrace buffer empty)
[ 8.520477] ---[ end trace 74cf51ecec6ee7a1 ]---
Fix this by judging whether q->td is NULL. If so, it indicates that the io_throttle module has not been initialized.
Fixes: ee3147b403e5e ("block: fix race between adding/removing rq qos and normal IO")
Signed-off-by: Laibin Qiu qiulaibin@huawei.com
Reviewed-by: Hou Tao houtao1@huawei.com
Signed-off-by: Yang Yingliang yangyingliang@huawei.com
---
 block/blk-cgroup.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c index 592befc26584f..9511330bfebc7 100644 --- a/block/blk-cgroup.c +++ b/block/blk-cgroup.c @@ -1314,6 +1314,13 @@ void blkcg_drain_queue(struct request_queue *q) if (!q->root_blkg) return;
+ /* + * @q could be exiting and q->td has not been initialized. + * If so, don't need drain any throttled bios. + */ + if (!q->td) + return; + blk_throtl_drain(q); }
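Review bot: The new comment above the `if (!q->td)` check in blkcg_drain_queue() says "@q could be exiting", but the call chain and trace in the commit message show the opposite case: the queue is still being set up, with blk_iolatency_init freezing the queue from blkcg_init_queue before blk_throtl_init has run. Please reword the comment to describe the init-time ordering, for example "@q may still be initializing and q->td has not been set up yet, so there are no throttled bios to drain", so a later reader does not assume this guards only the teardown path. It is also worth considering whether the NULL check belongs at the top of blk_throtl_drain() itself, since the RIP in the log is inside that function and a guard there would cover any other caller that reaches it before q->td is assigned.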