Unverified Commit dbbaf94c authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!9799 null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' 

Merge Pull Request from: @ci-robot 
 
PR sync from: Li Nan <linan122@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/WLKXXNYTCJ7MYIWWUWDVAH3OKUHRKGT5/ 
 
https://gitee.com/src-openeuler/kernel/issues/IA7D6H 
 
Link:https://gitee.com/openeuler/kernel/pulls/9799

 

Reviewed-by: default avatarYu Kuai <yukuai3@huawei.com>
Reviewed-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
Signed-off-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
parents 083359e7 7de60ff5

drivers/block/null_blk/main.c

+26 −17
Original line number Diff line number Diff line
@@ -323,11 +323,9 @@ CONFIGFS_ATTR(nullb_device_, NAME); 
static int nullb_apply_submit_queues(struct nullb_device *dev,

				     unsigned int submit_queues)

{

	struct nullb *nullb = dev->nullb;

	struct nullb *nullb;

	struct blk_mq_tag_set *set;



	if (!nullb)

		return 0;

	int ret = 0;



	/*

	 * Make sure that null_init_hctx() does not access nullb->queues[] past
@@ -335,9 +333,20 @@ static int nullb_apply_submit_queues(struct nullb_device *dev, 
	 */

	if (submit_queues > nr_cpu_ids)

		return -EINVAL;



	mutex_lock(&lock);



	nullb = dev->nullb;

	if (!nullb)

		goto out;



	set = nullb->tag_set;

	blk_mq_update_nr_hw_queues(set, submit_queues);

	return set->nr_hw_queues == submit_queues ? 0 : -ENOMEM;

	ret = set->nr_hw_queues == submit_queues ? 0 : -ENOMEM;



out:

	mutex_unlock(&lock);

	return ret;

}



NULLB_DEVICE_ATTR(size, ulong, NULL);
@@ -378,27 +387,31 @@ static ssize_t nullb_device_power_store(struct config_item *item, 
	if (ret < 0)

		return ret;



	ret = count;

	mutex_lock(&lock);

	if (!dev->power && newp) {

		if (test_and_set_bit(NULLB_DEV_FL_UP, &dev->flags))

			return count;

			goto out;



		if (null_add_dev(dev)) {

			clear_bit(NULLB_DEV_FL_UP, &dev->flags);

			return -ENOMEM;

			ret = -ENOMEM;

			goto out;

		}



		set_bit(NULLB_DEV_FL_CONFIGURED, &dev->flags);

		dev->power = newp;

	} else if (dev->power && !newp) {

		if (test_and_clear_bit(NULLB_DEV_FL_UP, &dev->flags)) {

			mutex_lock(&lock);

			dev->power = newp;

			null_del_dev(dev->nullb);

			mutex_unlock(&lock);

		}

		clear_bit(NULLB_DEV_FL_CONFIGURED, &dev->flags);

	}



	return count;

out:

	mutex_unlock(&lock);

	return ret;

}



CONFIGFS_ATTR(nullb_device_, power);
@@ -1880,15 +1893,11 @@ static int null_add_dev(struct nullb_device *dev) 
	blk_queue_flag_set(QUEUE_FLAG_NONROT, nullb->q);

	blk_queue_flag_clear(QUEUE_FLAG_ADD_RANDOM, nullb->q);



	mutex_lock(&lock);

	rv = ida_simple_get(&nullb_indexes, 0, 0, GFP_KERNEL);

	if (rv < 0) {

		mutex_unlock(&lock);

	if (rv < 0)

		goto out_cleanup_zone;

	}

	nullb->index = rv;

	dev->index = rv;

	mutex_unlock(&lock);



	blk_queue_logical_block_size(nullb->q, dev->blocksize);

	blk_queue_physical_block_size(nullb->q, dev->blocksize);
@@ -1901,9 +1910,7 @@ static int null_add_dev(struct nullb_device *dev) 
	if (rv)

		goto out_ida_free;



	mutex_lock(&lock);

	list_add_tail(&nullb->list, &nullb_list);

	mutex_unlock(&lock);



	return 0;
@@ -1985,7 +1992,9 @@ static int __init null_init(void) 
			ret = -ENOMEM;

			goto err_dev;

		}

		mutex_lock(&lock);

		ret = null_add_dev(dev);

		mutex_unlock(&lock);

		if (ret) {

			null_free_dev(dev);

			goto err_dev;