Commit 0054d8bf authored by Li Nan, committed by Zheng Zengkai

blk-mq: fix null pointer dereference in blk_mq_queue_tag_busy_ite

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I617GN


CVE: NA

--------------------------------

The q->tag_set can be NULL in blk_mq_queue_tag_busy_ite() while the queue
has not been initialized:

	CPU0					CPU1
dm_mq_init_request_queue
  md->tag_set = kzalloc_node
    blk_mq_init_allocated_queue
      q->mq_ops = set->ops;
					diskstats_show
					  part_get_stat_info
					    if(q->mq_ops)
					      blk_mq_in_flight_with_stat
						blk_mq_queue_tag_busy_ite
						  if (blk_mq_is_shared_tags(q->tag_set->flags))
						  //q->tag_set is null here
      q->tag_set = set
blk_register_queue
  blk_queue_flag_set(QUEUE_FLAG_REGISTERED, q)

There is the same bug when running cat /sys/block/[device]/inflight. Fix it by
checking the flag 'QUEUE_FLAG_REGISTERED'. Although this may cause some io not
to be counted temporarily, it doesn't hurt in real user cases.

Signed-off-by: Li Nan <linan122@huawei.com>
Reviewed-by: Jason Yan <yanaijie@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
parent 2e7c6f05
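
The initialization order from the commit message, replayed stage by stage in a single-threaded userspace model. This is an added example, not code from the commit or the kernel. The structs, the stage enum and the helper names are hypothetical; only the field and flag names come from the message. It does not model memory ordering or show where the real patch places its check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model: field and flag names follow the commit message; the
 * structs, stage enum and helper functions are constructed for illustration. */
#define QUEUE_FLAG_REGISTERED (1u << 0)

struct tag_set { unsigned int flags; int busy; };
struct queue {
    const void *mq_ops;        /* published first */
    struct tag_set *tag_set;   /* published later */
    unsigned int queue_flags;  /* REGISTERED is set last */
};
enum stage { ST_ALLOCATED, ST_MQ_OPS_SET, ST_TAG_SET_SET, ST_REGISTERED };
static const int dummy_ops = 0;

/* Replay the CPU0 column of the commit message up to and including 'upto'. */
static void init_upto(struct queue *q, struct tag_set *set, enum stage upto)
{
    q->mq_ops = upto >= ST_MQ_OPS_SET ? &dummy_ops : NULL;
    q->tag_set = upto >= ST_TAG_SET_SET ? set : NULL;
    q->queue_flags = upto >= ST_REGISTERED ? QUEUE_FLAG_REGISTERED : 0;
}

/* Reader that trusts q->mq_ops alone: true when it would touch a NULL tag_set. */
static bool unguarded_would_deref_null(const struct queue *q)
{
    return q->mq_ops != NULL && q->tag_set == NULL;
}

/* Reader that also requires QUEUE_FLAG_REGISTERED before using q->tag_set. */
static int guarded_in_flight(const struct queue *q)
{
    if (!q->mq_ops || !(q->queue_flags & QUEUE_FLAG_REGISTERED))
        return 0;              /* in-flight I/O temporarily not counted */
    return q->tag_set ? q->tag_set->busy : -1; /* -1: would be a NULL deref */
}

int main(void)
{
    struct tag_set set = { 0, 3 };  /* constructed: 3 requests in flight */
    struct queue q;
    for (int s = ST_ALLOCATED; s <= ST_REGISTERED; s++) {
        init_upto(&q, &set, (enum stage)s);
        printf("stage %d: unguarded NULL deref=%d, guarded in_flight=%d\n",
               s, unguarded_would_deref_null(&q), guarded_in_flight(&q));
    }
    return 0;
}
```

The stage after q->mq_ops is set and before q->tag_set is set is the only one where the unguarded reader faults; the guarded reader returns 0 there and also at the following stage, which is the temporary undercount the commit message accepts.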