[PATCH OLK-5.10 1/2] block: fix null-pointer dereference in ioc_pd_init

hulk inclusion category: bugfix bugzilla: 188044, https://gitee.com/openeuler/kernel/issues/I64SY5 CVE: NA

--------------------------------

Remove block device when iocost is initializing may cause null-pointer dereference:

CPU1 CPU2 ioc_qos_write blkcg_conf_open_bdev blkdev_get_no_open kobject_get_unless_zero blk_iocost_init rq_qos_add blk_cleanup_queue rq_qos_exit q->rq_qos = rqos->next //iocost is removed from q->roqs blkcg_activate_policy pd_init_fn ioc_pd_init ioc = q_to_ioc(blkg->q) //can't find iocost and return null

Fix problem by moving rq_qos_exit() to blk_release_queue(). ioc_qos_write() get bd_device.kobj in blkcg_conf_open_bdev(), so blk_release_queue() will not be activated until iocost initialization is complited.

Fixes: 7caa47151ab2 ("blkcg: implement blk-iocost")

Conflict: block/blk-core.c commit 4134b63509f4 ("Revert "block: fix null-deref in percpu_ref_put"") changed context, which does not affect this patch.

Signed-off-by: Li Nan linan122@huawei.com --- block/blk-core.c | 2 -- block/blk-sysfs.c | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/block/blk-core.c b/block/blk-core.c index 06fb25bd24df..5897e7bbbee3 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -402,8 +402,6 @@ void blk_cleanup_queue(struct request_queue *q) */ blk_freeze_queue(q);

- rq_qos_exit(q); - blk_queue_flag_set(QUEUE_FLAG_DEAD, q);

/* for synchronous bio-based driver finish in-flight integrity i/o */ diff --git a/block/blk-sysfs.c b/block/blk-sysfs.c index 169e63ee05cb..8012a7e51788 100644 --- a/block/blk-sysfs.c +++ b/block/blk-sysfs.c @@ -792,6 +792,8 @@ static void blk_release_queue(struct kobject *kobj)

blk_free_queue_stats(q->stats);

+ rq_qos_exit(q); + blk_exit_queue(q);

blk_queue_free_zone_bitmaps(q);