[PATCH v2 5/7] bfq: fix potential kernel crash when print dev err info

[PATCH v2 0/7] bdi: fix use-after-free for bdi device · Yufen Yu <hidden> · 2020-02-26
[PATCH v2 2/7] fs/ceph: use bdi_dev_name() to get device name · Yufen Yu <hidden> · 2020-02-26
[PATCH v2 1/7] blk-wbt: use bdi_dev_name() to get device name · Yufen Yu <hidden> · 2020-02-26
[PATCH v2 4/7] bdi: create a new function bdi_get_dev_name() · Yufen Yu <hidden> · 2020-02-26
[PATCH v2 6/7] memcg: fix crash in wb_workfn when bdi unregister · Yufen Yu <hidden> · 2020-02-26
[PATCH v2 5/7] bfq: fix potential kernel crash when print dev err info · Yufen Yu <hidden> · 2020-02-26
[PATCH v2 7/7] blk-wbt: replace bdi_dev_name() with bdi_get_dev_name() · Yufen Yu <hidden> · 2020-02-26
[PATCH v2 3/7] bdi: protect device lifetime with RCU · Yufen Yu <hidden> · 2020-02-26
Re: [PATCH v2 3/7] bdi: protect device lifetime with RCU · Tejun Heo <tj@kernel.org> · 2020-03-04
Re: [PATCH v2 3/7] bdi: protect device lifetime with RCU · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2020-03-04
Re: [PATCH v2 3/7] bdi: protect device lifetime with RCU · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2020-03-04
Re: [PATCH v2 3/7] bdi: protect device lifetime with RCU · Tejun Heo <tj@kernel.org> · 2020-03-04
Re: [PATCH v2 3/7] bdi: protect device lifetime with RCU · "Theodore Y. Ts'o" <tytso@mit.edu> · 2020-03-04
Re: [PATCH v2 3/7] bdi: protect device lifetime with RCU · Tejun Heo <tj@kernel.org> · 2020-03-04
Re: [PATCH v2 3/7] bdi: protect device lifetime with RCU · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2020-03-04
Re: [PATCH v2 3/7] bdi: protect device lifetime with RCU · Tejun Heo <tj@kernel.org> · 2020-03-05
Re: [PATCH v2 3/7] bdi: protect device lifetime with RCU · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2020-03-06
Re: [PATCH v2 3/7] bdi: protect device lifetime with RCU · Yufen Yu <hidden> · 2020-03-07
Re: [PATCH v2 0/7] bdi: fix use-after-free for bdi device · Greg KH <gregkh@linuxfoundation.org> · 2020-03-04
Re: [PATCH v2 0/7] bdi: fix use-after-free for bdi device · Tejun Heo <tj@kernel.org> · 2020-03-04
Re: [PATCH v2 0/7] bdi: fix use-after-free for bdi device · Greg KH <gregkh@linuxfoundation.org> · 2020-03-04
Re: [PATCH v2 0/7] bdi: fix use-after-free for bdi device · "Theodore Y. Ts'o" <tytso@mit.edu> · 2020-03-04

STALE2303d

Revisions (2)

2020-02-26 v2 current
2020-03-25 v4 [diff vs current]

From: Yufen Yu <hidden>
Date: 2020-02-26 11:11:52
Also in: linux-fsdevel
Subsystem: bfq i/o scheduler, block layer, the rest · Maintainers: Yu Kuai, Jens Axboe, Linus Torvalds

We use bdi_get_dev_name() to get device name, avoiding
use-after-free or NULL pointer reference for ->dev.

Signed-off-by: Yufen Yu <redacted>
---
 block/bfq-iosched.c         | 7 +++++--
 include/linux/backing-dev.h | 2 ++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c
index 00904611b8e4..8d41783d8e77 100644
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c

@@ -123,6 +123,7 @@
 #include <linux/ioprio.h>
 #include <linux/sbitmap.h>
 #include <linux/delay.h>
+#include <linux/backing-dev.h>
 
 #include "blk.h"
 #include "blk-mq.h"

@@ -4971,6 +4972,7 @@ bfq_set_next_ioprio_data(struct bfq_queue *bfqq, struct bfq_io_cq *bic)
 	struct task_struct *tsk = current;
 	int ioprio_class;
 	struct bfq_data *bfqd = bfqq->bfqd;
+	char dname[BDI_DEV_NAME_LEN];
 
 	if (!bfqd)
 		return;

@@ -4978,8 +4980,9 @@ bfq_set_next_ioprio_data(struct bfq_queue *bfqq, struct bfq_io_cq *bic)
 	ioprio_class = IOPRIO_PRIO_CLASS(bic->ioprio);
 	switch (ioprio_class) {
 	default:
-		dev_err(&bfqq->bfqd->queue->backing_dev_info->rcu_dev->dev,
-			"bfq: bad prio class %d\n", ioprio_class);
+		bdi_get_dev_name(bfqq->bfqd->queue->backing_dev_info,
+				dname, BDI_DEV_NAME_LEN);
+		pr_err("bdi %s: bfq: bad prio class %d\n", dname, ioprio_class);
 		/* fall through */
 	case IOPRIO_CLASS_NONE:
 		/*

diff --git a/include/linux/backing-dev.h b/include/linux/backing-dev.h
index 89d1cb7923f5..291db069f7da 100644
--- a/include/linux/backing-dev.h
+++ b/include/linux/backing-dev.h

@@ -19,6 +19,8 @@
 #include <linux/backing-dev-defs.h>
 #include <linux/slab.h>
 
+#define BDI_DEV_NAME_LEN       32
+
 static inline struct backing_dev_info *bdi_get(struct backing_dev_info *bdi)
 {
 	kref_get(&bdi->refcnt);

-- 
2.16.2.dirty

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help