linux/block
Ming Lei ee37eddbfa block: avoid use-after-free on throttle data
In throtl_pending_timer_fn(), request queue is retrieved from throttle
data. And tg's pending timer is deleted synchronously when releasing the
associated blkg, at that time, throttle data may have been freed since
commit 1059699f87 ("block: move blkcg initialization/destroy into disk
allocation/release handler") moves freeing q->td to disk_release() from
blk_release_queue(). So use-after-free on q->td in throtl_pending_timer_fn
can be triggered.

Fixes the issue by:

- do nothing in case that disk is released, when there isn't any bio to
  dispatch

- retrieve request queue from blkg instead of throttle data for
non top-level pending timer.

Signed-off-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20220318130144.1066064-2-ming.lei@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2022-03-18 09:57:56 -06:00
..
partitions block: remove genhd.h 2022-02-02 07:49:59 -07:00
badblocks.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
bdev.c block: remove redundant semicolon 2022-02-27 14:52:36 -07:00
bfq-cgroup.c block, bfq: don't move oom_bfqq 2022-02-18 06:13:00 -07:00
bfq-iosched.c block/bfq-iosched: Fix spelling mistake "tenative" -> "tentative" 2022-03-16 06:03:15 -06:00
bfq-iosched.h block, bfq: cleanup bfq_bfqq_to_bfqg() 2022-02-18 06:13:00 -07:00
bfq-wf2q.c block, bfq: cleanup bfq_bfqq_to_bfqg() 2022-02-18 06:13:00 -07:00
bio-integrity.c block: clone crypto and integrity data in __bio_clone_fast 2022-02-04 07:43:18 -07:00
bio.c block: fix rq-qos breakage from skipping rq_qos_done_bio() 2022-03-14 14:23:13 -06:00
blk-cgroup-rwstat.c blk-cgroup: Fix the recursive blkg rwstat 2021-03-05 11:32:15 -07:00
blk-cgroup-rwstat.h block: partition include/linux/blk-cgroup.h 2022-02-11 10:02:41 -07:00
blk-cgroup.c blk-cgroup: set blkg iostat after percpu stat aggregation 2022-02-15 14:13:12 -07:00
blk-cgroup.h block: don't merge across cgroup boundaries if blkcg is enabled 2022-03-14 19:14:37 -06:00
blk-core.c block: move q_usage_counter release into blk_queue_release 2022-03-08 19:40:01 -07:00
blk-crypto-fallback.c block: partition include/linux/blk-cgroup.h 2022-02-11 10:02:41 -07:00
blk-crypto-internal.h blk-crypto: show crypto capabilities in sysfs 2022-02-28 06:40:23 -07:00
blk-crypto-profile.c blk-crypto: remove blk_crypto_unregister() 2021-11-29 06:38:51 -07:00
blk-crypto-sysfs.c blk-crypto: show crypto capabilities in sysfs 2022-02-28 06:40:23 -07:00
blk-crypto.c blk-crypto: show crypto capabilities in sysfs 2022-02-28 06:40:23 -07:00
blk-flush.c block: pass a block_device and opf to bio_init 2022-02-02 07:49:59 -07:00
blk-ia-ranges.c block: fix memory leak in disk_register_independent_access_ranges 2022-01-23 09:13:09 -07:00
blk-integrity.c blk-crypto: remove blk_crypto_unregister() 2021-11-29 06:38:51 -07:00
blk-ioc.c block: drop needless assignment in set_task_ioprio() 2021-12-23 07:10:07 -07:00
blk-iocost.c block: partition include/linux/blk-cgroup.h 2022-02-11 10:02:41 -07:00
blk-iolatency.c block: fix rq-qos breakage from skipping rq_qos_done_bio() 2022-03-14 14:23:13 -06:00
blk-ioprio.c block: partition include/linux/blk-cgroup.h 2022-02-11 10:02:41 -07:00
blk-ioprio.h block: Introduce the ioprio rq-qos policy 2021-06-21 15:03:40 -06:00
blk-lib.c blk-lib: don't check bdev_get_queue() NULL check 2022-02-15 07:51:46 -07:00
blk-map.c Merge branch 'akpm' (patches from Andrew) 2021-09-03 10:08:28 -07:00
blk-merge.c block: don't merge across cgroup boundaries if blkcg is enabled 2022-03-14 19:14:37 -06:00
blk-mq-cpumap.c blk-mq: remove the calling of local_memory_node() 2020-10-20 07:08:17 -06:00
blk-mq-debugfs-zoned.c
blk-mq-debugfs.c blk-mq: prepare for implementing hctx table via xarray 2022-03-08 17:57:19 -07:00
blk-mq-debugfs.h blk-mq: manage hctx map via xarray 2022-03-08 19:39:38 -07:00
blk-mq-pci.c
blk-mq-rdma.c
blk-mq-sched.c block: limit request dispatch loop duration 2022-03-17 20:31:43 -06:00
blk-mq-sched.h block: move blk_mq_sched_assign_ioc to blk-ioc.c 2021-11-29 06:41:29 -07:00
blk-mq-sysfs.c blk-mq: prepare for implementing hctx table via xarray 2022-03-08 17:57:19 -07:00
blk-mq-tag.c blk-mq: manage hctx map via xarray 2022-03-08 19:39:38 -07:00
blk-mq-tag.h blk-mq: Delete busy_iter_fn 2021-12-06 13:18:47 -07:00
blk-mq-virtio.c blk-mq: Fix typo in comment 2020-03-17 20:55:21 +01:00
blk-mq.c block: flush plug based on hardware and software queue order 2022-03-11 11:08:34 -07:00
blk-mq.h blk-mq: manage hctx map via xarray 2022-03-08 19:39:38 -07:00
blk-pm.c scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume() 2021-12-22 23:38:29 -05:00
blk-pm.h block: Remove unused blk_pm_*() function definitions 2021-02-22 06:33:48 -07:00
blk-rq-qos.c rq-qos: fix missed wake-ups in rq_qos_throttle try two 2021-06-08 15:12:57 -06:00
blk-rq-qos.h block: fix rq-qos breakage from skipping rq_qos_done_bio() 2022-03-14 14:23:13 -06:00
blk-settings.c block: Fix partition check for host-aware zoned block devices 2021-10-27 06:58:01 -06:00
blk-stat.c block: make queue stat accounting a reference 2021-12-14 17:23:05 -07:00
blk-stat.h block: make queue stat accounting a reference 2021-12-14 17:23:05 -07:00
blk-sysfs.c block: move blk_exit_queue into disk_release 2022-03-08 19:40:01 -07:00
blk-throttle.c block: avoid use-after-free on throttle data 2022-03-18 09:57:56 -06:00
blk-throttle.h block: revert 4f1e9630af ("blk-throtl: optimize IOPS throttle for large IO scenarios") 2022-02-16 19:42:28 -07:00
blk-timeout.c block: blk-timeout: delete duplicated word 2020-07-31 16:29:47 -06:00
blk-wbt.c blk-wbt: prevent NULL pointer dereference in wb_timer_fn 2021-10-19 06:13:41 -06:00
blk-wbt.h blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() 2021-06-21 15:03:41 -06:00
blk-zoned.c block: pass a block_device and opf to bio_init 2022-02-02 07:49:59 -07:00
blk.h blk-mq: do not include passthrough requests in I/O accounting 2022-03-08 19:39:52 -07:00
bounce.c block: partition include/linux/blk-cgroup.h 2022-02-11 10:02:41 -07:00
bsg-lib.c block: remove the gendisk argument to blk_execute_rq 2021-11-29 06:41:29 -07:00
bsg.c scsi: bsg: Fix device unregistration 2021-09-14 00:22:15 -04:00
disk-events.c block: remove genhd.h 2022-02-02 07:49:59 -07:00
elevator.c block: do more work in elevator_exit 2022-03-08 19:40:01 -07:00
elevator.h block: move elevator.h to block/ 2021-10-18 06:17:01 -06:00
fops.c block: pass a block_device and opf to bio_init 2022-02-02 07:49:59 -07:00
genhd.c block: move rq_qos_exit() into disk_release() 2022-03-08 19:40:01 -07:00
holder.c block: remove genhd.h 2022-02-02 07:49:59 -07:00
ioctl.c block: merge disk_scan_partitions and blkdev_reread_part 2021-11-29 06:35:21 -07:00
ioprio.c for-5.17/block-2022-01-11 2022-01-12 10:26:52 -08:00
Kconfig block: default BLOCK_LEGACY_AUTOLOAD to y 2022-02-27 14:49:23 -07:00
Kconfig.iosched block: only build the icq tracking code when needed 2021-12-16 10:59:02 -07:00
kyber-iosched.c block: make queue stat accounting a reference 2021-12-14 17:23:05 -07:00
Makefile blk-crypto: show crypto capabilities in sysfs 2022-02-28 06:40:23 -07:00
mq-deadline.c block: fix async_depth sysfs interface for mq-deadline 2022-01-20 10:54:02 -07:00
opal_proto.h block: sed-opal: Change the check condition for regular session validity 2020-03-12 08:00:10 -06:00
sed-opal.c block: remove genhd.h 2022-02-02 07:49:59 -07:00
t10-pi.c block: move integrity handling out of <linux/blkdev.h> 2021-10-18 06:17:02 -06:00