Commit 4134b635 authored by Zhong Jinghua's avatar Zhong Jinghua Committed by Jialin Zhang

Revert "block: fix null-deref in percpu_ref_put"

hulk inclusion
category: bugfix
bugzilla: 187268, https://gitee.com/openeuler/kernel/issues/I5N162



----------------------------------------

This reverts commit 51e35e67.

There is a new fix for this problem in the mainline patch, so the patch
should return to the mainline solution.

mainline patch:
d36a9ea5 ("block: fix use-after-free of q->q_usage_counter")

Fixes: 51e35e67("block: fix null-deref in percpu_ref_put")
Signed-off-by: Zhong Jinghua <zhongjinghua@huawei.com>
Reviewed-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
parent 57173bd4
+1 −3
@@ -400,8 +400,7 @@ void blk_cleanup_queue(struct request_queue *q)
	 * prevent that blk_mq_run_hw_queues() accesses the hardware queues
	 * after draining finished.
	 */
	blk_freeze_queue_start(q);
	blk_mq_freeze_queue_wait_sync(q);
	blk_freeze_queue(q);

	rq_qos_exit(q);

@@ -518,7 +517,6 @@ static void blk_queue_usage_counter_release(struct percpu_ref *ref)
	struct request_queue *q =
		container_of(ref, struct request_queue, q_usage_counter);

	blk_queue_flag_set(QUEUE_FLAG_USAGE_COUNT_SYNC, q);
	wake_up_all(&q->mq_freeze_wq);
}
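Review bot: With `blk_cleanup_queue()` back to a plain `blk_freeze_queue(q);` (taken to be the one added line, given the +1 −3 count) and `blk_queue_usage_counter_release()` reduced to `wake_up_all(&q->mq_freeze_wq);`, nothing visible here keeps queue teardown from proceeding while the release callback is still running, which is presumably the window the reverted commit was closing. The description points to mainline d36a9ea5 as the replacement, but that change is not part of this commit, so the tree is only protected if d36a9ea5 lands before or together with this revert. Otherwise a build or bisect that stops on this commit is exposed again to the original null-deref / use-after-free on `q->q_usage_counter`. I would state the ordering explicitly in the description, for example `Must be applied after the backport of d36a9ea5 ("block: fix use-after-free of q->q_usage_counter")`, or submit the two as one series. Both functions begin and end outside the hunks shown, so the rest of the teardown path could not be checked.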

+0 −7
@@ -195,7 +195,6 @@ void blk_freeze_queue_start(struct request_queue *q)
{
	mutex_lock(&q->mq_freeze_lock);
	if (++q->mq_freeze_depth == 1) {
		blk_queue_flag_clear(QUEUE_FLAG_USAGE_COUNT_SYNC, q);
		percpu_ref_kill(&q->q_usage_counter);
		mutex_unlock(&q->mq_freeze_lock);
		if (queue_is_mq(q))
@@ -206,12 +205,6 @@ void blk_freeze_queue_start(struct request_queue *q)
}
EXPORT_SYMBOL_GPL(blk_freeze_queue_start);

void blk_mq_freeze_queue_wait_sync(struct request_queue *q)
{
	wait_event(q->mq_freeze_wq, percpu_ref_is_zero(&q->q_usage_counter) &&
			test_bit(QUEUE_FLAG_USAGE_COUNT_SYNC, &q->queue_flags));
}

void blk_mq_freeze_queue_wait(struct request_queue *q)
{
	wait_event(q->mq_freeze_wq, percpu_ref_is_zero(&q->q_usage_counter));
+0 −1
@@ -566,7 +566,6 @@ void blk_mq_freeze_queue(struct request_queue *q);
void blk_mq_unfreeze_queue(struct request_queue *q);
void blk_freeze_queue_start(struct request_queue *q);
void blk_mq_freeze_queue_wait(struct request_queue *q);
void blk_mq_freeze_queue_wait_sync(struct request_queue *q);
int blk_mq_freeze_queue_wait_timeout(struct request_queue *q,
				     unsigned long timeout);

+0 −2
@@ -643,8 +643,6 @@ struct request_queue {
#define QUEUE_FLAG_NOWAIT       29	/* device supports NOWAIT */
/*at least one blk-mq hctx can't get driver tag */
#define QUEUE_FLAG_HCTX_WAIT	30
/* sync for q_usage_counter */
#define QUEUE_FLAG_USAGE_COUNT_SYNC    31

#define QUEUE_FLAG_MQ_DEFAULT	((1 << QUEUE_FLAG_IO_STAT) |		\
				 (1 << QUEUE_FLAG_SAME_COMP) |		\