On 12.02.25 09:32, Wentao Liang wrote:
> The function blkg_to_lat() may return NULL if the blkg is not associated
> with an iolatency group. In iolatency_set_min_lat_nsec() and
> iolatency_pd_init(), the return values are not checked, leading to
> potential NULL pointer dereferences.
>
> This patch adds checks for the return values of blkg_to_lat and let it
> returns early if it is NULL, preventing the NULL pointer dereference.
>
> Fixes: d70675121546 ("block: introduce blk-iolatency io controller")
> Cc: stable@xxxxxxxxxxxxxxx # 4.19+
> Signed-off-by: Wentao Liang <vulab@xxxxxxxxxxx>
> ---
> block/blk-iolatency.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/block/blk-iolatency.c b/block/blk-iolatency.c
> index ebb522788d97..398f0a1747c4 100644
> --- a/block/blk-iolatency.c
> +++ b/block/blk-iolatency.c
> @@ -787,6 +787,8 @@ static int blk_iolatency_init(struct gendisk *disk)
> static void iolatency_set_min_lat_nsec(struct blkcg_gq *blkg, u64 val)
> {
> struct iolatency_grp *iolat = blkg_to_lat(blkg);
> + if (!iolat)
> + return;
> struct blk_iolatency *blkiolat = iolat->blkiolat;
> u64 oldval = iolat->min_lat_nsec;
>
Uh that looks horrible. I haven't checked the surrounding code but
please please at least make it
static void iolatency_set_min_lat_nsec(struct blkcg_gq *blkg, u64 val)
{
struct iolatency_grp *iolat = blkg_to_lat(blkg);
struct blk_iolatency *blkiolat;
u64 oldval;
if (!iolat)
return;
blkiolat = iolat->blkiolat;
oldval = iolat->min_lat_nsec;
> @@ -1013,6 +1015,8 @@ static void iolatency_pd_init(struct blkg_policy_data *pd)
> */
> if (blkg->parent && blkg_to_pd(blkg->parent, &blkcg_policy_iolatency)) {
> struct iolatency_grp *parent = blkg_to_lat(blkg->parent);
> + if (!parent)
> + return;
> atomic_set(&iolat->scale_cookie,
> atomic_read(&parent->child_lat.scale_cookie));
> } else {
