linux/block
Tejun Heo d16baa3f14 blk-iocost: fix NULL iocg deref from racing against initialization
When initializing iocost for a queue, its rqos should be registered before
the blkcg policy is activated to allow policy data initialization to look up
the associated ioc. This unfortunately means that the rqos methods can be
called on bios before iocgs are attached to all existing blkgs.

While the race is theoretically possible on ioc_rqos_throttle(), it mostly
happened in ioc_rqos_merge() due to the difference in how they look up ioc.
The former determines it from the passed in @rqos and then bails before
dereferencing iocg if the looked up ioc is disabled, which most likely is
the case if initialization is still in progress. The latter looked up ioc by
dereferencing the possibly NULL iocg making it a lot more prone to actually
triggering the bug.

* Make ioc_rqos_merge() use the same method as ioc_rqos_throttle() to look
  up ioc for consistency.

* Make ioc_rqos_throttle() and ioc_rqos_merge() test for NULL iocg before
  dereferencing it.

* Explain the danger of NULL iocgs in blk_iocost_init().

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Jonathan Lemon <bsd@fb.com>
Cc: stable@vger.kernel.org # v5.4+
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-01-05 11:33:32 -07:00
partitions block: update some copyrights 2020-12-22 08:43:06 -07:00
badblocks.c
bfq-cgroup.c
bfq-iosched.c block-5.10-2020-10-12 2020-10-13 12:12:44 -07:00
bfq-iosched.h
bfq-wf2q.c
bio-integrity.c
bio.c bio: optimise bvec iteration 2020-12-02 09:46:55 -07:00
blk-cgroup-rwstat.c
blk-cgroup-rwstat.h
blk-cgroup.c block: merge struct block_device and struct hd_struct 2020-12-01 14:53:40 -07:00
blk-core.c block: remove the request_queue argument to the block_bio_remap tracepoint 2020-12-04 09:42:00 -07:00
blk-crypto-fallback.c
blk-crypto-internal.h block: make blk_crypto_rq_bio_prep() able to fail 2020-10-05 10:47:43 -06:00
blk-crypto.c block: warn if !__GFP_DIRECT_RECLAIM in bio_crypt_set_ctx() 2020-10-05 10:47:43 -06:00
blk-exec.c
blk-flush.c for-5.11/block-2020-12-14 2020-12-16 12:57:51 -08:00
blk-integrity.c block: remove the unused blk_integrity_merge_bio export 2020-10-06 07:29:53 -06:00
blk-ioc.c
blk-iocost.c blk-iocost: fix NULL iocg deref from racing against initialization 2021-01-05 11:33:32 -07:00
blk-iolatency.c block: Remove redundant 'return' statement 2020-10-08 07:59:48 -06:00
blk-lib.c block: move the start_sect field to struct block_device 2020-12-01 14:53:40 -07:00
blk-map.c block: fix bmd->is_null_mapped initialization 2020-09-23 09:18:39 -06:00
blk-merge.c for-5.11/block-2020-12-14 2020-12-16 12:57:51 -08:00
blk-mq-cpumap.c blk-mq: remove the calling of local_memory_node() 2020-10-20 07:08:17 -06:00
blk-mq-debugfs-zoned.c
blk-mq-debugfs.c block: add debugfs stanza for QUEUE_FLAG_NOWAIT 2020-12-29 16:47:46 -07:00
blk-mq-debugfs.h
blk-mq-pci.c
blk-mq-rdma.c
blk-mq-sched.c block: remove the request_queue to argument request based tracepoints 2020-12-04 09:42:00 -07:00
blk-mq-sched.h block-5.10-2020-10-12 2020-10-13 12:12:44 -07:00
blk-mq-sysfs.c blk-mq: move cancel of hctx->run_work to the front of blk_exit_queue 2020-10-09 12:46:28 -06:00
blk-mq-tag.c block-mq: fix comments in blk_mq_queue_tag_busy_iter 2020-09-29 08:11:00 -06:00
blk-mq-tag.h
blk-mq-virtio.c
blk-mq.c blk-mq: Don't complete on a remote CPU in force threaded mode 2020-12-17 13:41:30 -07:00
blk-mq.h blk-mq: update arg in comment of blk_mq_map_queue 2020-12-12 11:13:41 -07:00
blk-pm.c
blk-pm.h
blk-rq-qos.c
blk-rq-qos.h
blk-settings.c for-5.11/drivers-2020-12-14 2020-12-16 13:09:32 -08:00
blk-stat.c
blk-stat.h
blk-sysfs.c blk-mq: move cancel of hctx->run_work to the front of blk_exit_queue 2020-10-09 12:46:28 -06:00
blk-throttle.c blk-throttle: don't check whether or not lower limit is valid if CONFIG_BLK_DEV_THROTTLING_LOW is off 2020-12-02 12:44:20 -07:00
blk-timeout.c
blk-wbt.c block: wbt: Remove unnecessary invoking of wbt_update_limits in wbt_init 2020-11-30 15:01:18 -07:00
blk-wbt.h
blk-zoned.c block: Improve blk_revalidate_disk_zones() checks 2020-12-07 17:34:21 -07:00
blk.h for-5.11/drivers-2020-12-14 2020-12-16 13:09:32 -08:00
bounce.c block: simplify and extend the block_bio_merge tracepoint class 2020-12-04 09:42:00 -07:00
bsg-lib.c block: drop double zeroing 2020-09-23 09:18:13 -06:00
bsg.c
cmdline-parser.c
elevator.c block: fix comment and add lockdep assert 2020-10-09 12:34:06 -06:00
genhd.c block: update some copyrights 2020-12-22 08:43:06 -07:00
ioctl.c block: move the policy field to struct block_device 2020-12-01 14:53:40 -07:00
ioprio.c
Kconfig
Kconfig.iosched
keyslot-manager.c block/keyslot-manager: prevent crash when num_slots=1 2020-11-20 11:52:52 -07:00
kyber-iosched.c
Makefile
mq-deadline.c
opal_proto.h
scsi_ioctl.c drivers-5.10-2020-10-12 2020-10-13 13:04:41 -07:00
sed-opal.c
t10-pi.c