From: Shinichiro Kawasaki <shinichiro.kawasaki@wdc.com>
To: Yu Kuai <yukuai1@huaweicloud.com>
Cc: "linux-block@vger.kernel.org" <linux-block@vger.kernel.org>,
	Paolo Valente <paolo.valente@linaro.org>, Jan Kara <jack@suse.cz>,
	"yukuai (C)" <yukuai3@huawei.com>
Subject: Re: [bug report] BUG: KASAN: use-after-free in bic_set_bfqq
Date: Thu, 12 Jan 2023 13:18:36 +0000
Message-ID: <20230112131836.vvbckhhefjp5bmgn@shindev>
In-Reply-To: <3cbab38c-5b8d-131a-d80a-886a0febc692@huaweicloud.com>

On Jan 12, 2023 / 19:53, Yu Kuai wrote:
> Hi,
> 
> On 2023/01/12 19:47, Yu Kuai wrote:
> > Thanks for the report, is the problem easy to reproduce? If so, can you
> > try the following patch?
> > 
> > diff --git a/block/bfq-cgroup.c b/block/bfq-cgroup.c
> > index 1b2829e99dad..81d2f401fa3f 100644
> > --- a/block/bfq-cgroup.c
> > +++ b/block/bfq-cgroup.c
> > @@ -771,8 +771,8 @@ static void __bfq_bic_change_cgroup(struct bfq_data
> > *bfqd,
> >                                   * request from the old cgroup.
> >                                   */
> >                                  bfq_put_cooperator(sync_bfqq);
> > -                               bfq_release_process_ref(bfqd, sync_bfqq);
> >                                  bic_set_bfqq(bic, NULL, true);
> > +                               bfq_release_process_ref(bfqd, sync_bfqq);
> >                          }
> >                  }
> >          }
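Review bot: the reordered pair at the end of this hunk, bic_set_bfqq(bic, NULL, true) followed by bfq_release_process_ref(bfqd, sync_bfqq), carries no comment saying why the release has to come last, so a later cleanup could swap the two calls back. Suggest a one-line comment above bic_set_bfqq() stating that sync_bfqq must still hold its process reference while the bic pointer is cleared, and please confirm that bfq_put_cooperator(sync_bfqq) on the line above cannot drop the last reference before bic_set_bfqq() runs.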
> > 
> Just in case you hit the problem in another place, please use the
> following patch:
> 
> diff --git a/block/bfq-cgroup.c b/block/bfq-cgroup.c
> index 1b2829e99dad..81d2f401fa3f 100644
> --- a/block/bfq-cgroup.c
> +++ b/block/bfq-cgroup.c
> @@ -771,8 +771,8 @@ static void __bfq_bic_change_cgroup(struct bfq_data
> *bfqd,
>                                  * request from the old cgroup.
>                                  */
>                                 bfq_put_cooperator(sync_bfqq);
> -                               bfq_release_process_ref(bfqd, sync_bfqq);
>                                 bic_set_bfqq(bic, NULL, true);
> +                               bfq_release_process_ref(bfqd, sync_bfqq);
>                         }
>                 }
>         }
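Review bot: the hunk header here is wrapped onto two lines ("@@ -771,8 +771,8 @@ ... struct bfq_data" then "*bfqd,") and the context indentation differs from the copy of the same hunk sent earlier in the thread, which suggests the mail client altered the whitespace; a patch in this state may not apply cleanly. Suggest resending it with git send-email or as an attachment so the tester applies exactly what was intended.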
> diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c
> index 16f43bbc575a..687285612e57 100644
> --- a/block/bfq-iosched.c
> +++ b/block/bfq-iosched.c
> @@ -5425,9 +5425,10 @@ static void bfq_check_ioprio_change(struct bfq_io_cq
> *bic, struct bio *bio)
> 
>         bfqq = bic_to_bfqq(bic, false);
>         if (bfqq) {
> -               bfq_release_process_ref(bfqd, bfqq);
> +               struct bfq_queue *old_bfqq = bfqq;
>                 bfqq = bfq_get_queue(bfqd, bio, false, bic, true);
>                 bic_set_bfqq(bic, bfqq, false);
> +               bfq_release_process_ref(bfqd, old_bfqq);
>         }
> 
>         bfqq = bic_to_bfqq(bic, true);
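Review bot: in the if (bfqq) block, the new declaration struct bfq_queue *old_bfqq = bfqq; runs straight into the bfq_get_queue() call; kernel style wants a blank line after declarations, and a short comment that the old queue's reference is dropped only after bic_set_bfqq(bic, bfqq, false) would document why the order matters. The trailing context continues with bfqq = bic_to_bfqq(bic, true); it is worth checking that the sync path below does not release its queue before updating the bic in the same way.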
> 

Ah, I've just noticed this e-mail. Will test this patch tomorrow.

-- 
Shin'ichiro Kawasaki
