On 9/8/23 02:57, chengming.zhou@xxxxxxxxx wrote:
> From: Chengming Zhou <zhouchengming@xxxxxxxxxxxxx>
>
> When nr_hw_queues shrinks, we free the excess tags before reallocating
> hw_ctxs for each queue, during which we may need to access those tags,
> e.g. blk_mq_tag_idle(hctx) will access the queue shared tags. So a
> slab-use-after-free is caused and reported by KASAN.
>
> Fix it by moving the releasing of excess tags to the end.
>
> Fixes: e1dd7bc93029 ("blk-mq: fix tags leak when shrink nr_hw_queues")
> Reported-by: Yi Zhang <yi.zhang@xxxxxxxxxx>
> Closes: https://lore.kernel.org/all/CAHj4cs_CK63uoDpGBGZ6DN4OCTpzkR3UaVgK=LX8Owr8ej2ieQ@xxxxxxxxxxxxxx/
> Cc: Ming Lei <ming.lei@xxxxxxxxxx>
> Signed-off-by: Chengming Zhou <zhouchengming@xxxxxxxxxxxxx>
> ---
>  block/blk-mq.c | 13 +++++++------
>  1 file changed, 7 insertions(+), 6 deletions(-)
Reviewed-by: Hannes Reinecke <hare@xxxxxxx>

Cheers,

Hannes
--
Dr. Hannes Reinecke                Kernel Storage Architect
hare@xxxxxxx                              +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman
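The ordering bug the quoted commit message describes, as an added illustration that is not blk-mq code and not part of this thread: a tiny model in which each hardware context references a tag set, the hw-context realloc path "idles" the tags of every existing hctx, and the shrink path either releases the excess tag sets before that realloc (the buggy order) or after it (the fixed order). Real memory is never freed, since a genuine use-after-free is undefined behaviour; a released set is marked dead and every later touch is counted, which is the access KASAN would report. All names (`model_queue`, `hctx_tag_idle`, `realloc_hw_ctxs`, `run_shrink`) are hypothetical.

```c
#include <stdio.h>

/* Constructed model, not kernel code. tags[i] stands for the tag set that
 * hardware context i references; "idle" stands for blk_mq_tag_idle(), which
 * touches every hctx's tags while the hw contexts are being re-allocated. */

#define MAX_HW_QUEUES 8

struct tag_set {
    int live;          /* 1 while allocated, 0 once released */
    int active_queues; /* what the idle path clears */
};

struct model_queue {
    int nr_hw_queues;
    struct tag_set tags[MAX_HW_QUEUES]; /* tags[i] referenced by hctx i */
    int uaf_hits;                       /* touches of released tag sets */
};

static void queue_init(struct model_queue *q, int nr)
{
    q->nr_hw_queues = nr;
    q->uaf_hits = 0;
    for (int i = 0; i < MAX_HW_QUEUES; i++) {
        q->tags[i].live = i < nr;
        q->tags[i].active_queues = 1;
    }
}

/* Models blk_mq_tag_idle(hctx): an access to the tags hctx i references.
 * A touch of a released set is what KASAN reports as slab-use-after-free. */
static void hctx_tag_idle(struct model_queue *q, int i)
{
    if (!q->tags[i].live) {
        q->uaf_hits++;
        return;
    }
    q->tags[i].active_queues = 0;
}

/* Models the realloc of hw contexts: every existing hctx, including those
 * about to be dropped, is torn down and its tags are idled on the way. */
static void realloc_hw_ctxs(struct model_queue *q, int new_nr)
{
    for (int i = 0; i < q->nr_hw_queues; i++)
        hctx_tag_idle(q, i);
    q->nr_hw_queues = new_nr;
}

static void release_excess_tags(struct model_queue *q, int old_nr, int new_nr)
{
    for (int i = new_nr; i < old_nr; i++)
        q->tags[i].live = 0;
}

/* Buggy order: excess tags released first, then the hw contexts are
 * re-allocated, so the teardown path touches released tags. */
static int shrink_release_first(struct model_queue *q, int new_nr)
{
    int old_nr = q->nr_hw_queues;
    release_excess_tags(q, old_nr, new_nr);
    realloc_hw_ctxs(q, new_nr);
    return q->uaf_hits;
}

/* Fixed order: release the excess tags only after the realloc is done. */
static int shrink_release_last(struct model_queue *q, int new_nr)
{
    int old_nr = q->nr_hw_queues;
    realloc_hw_ctxs(q, new_nr);
    release_excess_tags(q, old_nr, new_nr);
    return q->uaf_hits;
}

/* Run one shrink from old_nr to new_nr in the chosen order; returns the
 * number of accesses to already-released tag sets (0 means no UAF). */
int run_shrink(int old_nr, int new_nr, int release_last)
{
    struct model_queue q;
    queue_init(&q, old_nr);
    return release_last ? shrink_release_last(&q, new_nr)
                        : shrink_release_first(&q, new_nr);
}

int main(void)
{
    printf("release first: %d touches of released tags\n", run_shrink(4, 2, 0));
    printf("release last:  %d touches of released tags\n", run_shrink(4, 2, 1));
    return 0;
}
```

The count in the buggy order equals the number of dropped hw queues, because each dropped hctx is still torn down (and its tags idled) by the realloc; moving the release after the realloc, as the patch does, makes that count zero without changing what is freed.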