Commit a9d49f94 authored by Li Nan, committed by Zheng Zengkai

bfq: fix null-ptr-deref in bfq_pd_offline

hulk inclusion
category: bugfix
bugzilla: 188174, https://gitee.com/openeuler/kernel/issues/I677QO


CVE: NA

--------------------------------

bfqg->bfqd is assigned in bfq_pd_init(). bfqg may be allocated but not
initialized when bfq_pd_alloc() returns NULL in blkcg_activate_policy().
queue_lock is unlocked now and deleting a cgroup at this time will cause an error.

  T1                                    T2
  bfq_init_queue
   bfq_create_group_hierarchy
    blkcg_activate_policy
     traverse q->blkg_list
      1)pd_alloc_fn success
         blkg->pd[pol->plid] = pd
      2)pd_alloc_fn fail
         spin_unlock_irq(&q->queue_lock)
         -> 1)is alloced but not init
                                        blkcg_destroy_blkgs
                                         blkg_destroy
                                          if blkg->pd[i]
                                           bfq_pd_offline
                                            use bfqg->bfqd -> error

Signed-off-by: Li Nan <linan122@huawei.com>
Reviewed-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
parent 9da915fa