Skip queue mapping for shared tag sets. This patch fixes the following bug: ================================================================== BUG: KASAN: null-ptr-deref in null_map_queues+0x131/0x1a0 [null_blk] Read of size 8 at addr 0000000000000000 by task modprobe/4320 CPU: 9 PID: 4320 Comm: modprobe Tainted: G E 5.15.0-rc2-dbg+ #2 Call Trace: show_stack+0x52/0x58 dump_stack_lvl+0x49/0x5e kasan_report.cold+0x64/0xdb __asan_load8+0x69/0x90 null_map_queues+0x131/0x1a0 [null_blk] blk_mq_update_queue_map+0x122/0x1a0 blk_mq_alloc_tag_set+0x1e8/0x570 null_init_tag_set+0x197/0x220 [null_blk] null_init+0x1dc/0x1000 [null_blk] do_one_initcall+0xc7/0x440 do_init_module+0x10a/0x3d0 load_module+0x115c/0x1220 __do_sys_finit_module+0x124/0x1a0 __x64_sys_finit_module+0x42/0x50 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xae Cc: Christoph Hellwig <hch@xxxxxx> Cc: Damien Le Moal <damien.lemoal@xxxxxxx> Cc: Chaitanya Kulkarni <chaitanya.kulkarni@xxxxxxx> Fixes: 5f7acddf706c ("null_blk: poll queue support") Signed-off-by: Bart Van Assche <bvanassche@xxxxxxx> --- drivers/block/null_blk/main.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/block/null_blk/main.c b/drivers/block/null_blk/main.c index eb5cfe189e90..62b7036f5e8d 100644 --- a/drivers/block/null_blk/main.c +++ b/drivers/block/null_blk/main.c @@ -1472,13 +1472,15 @@ static int null_map_queues(struct blk_mq_tag_set *set) switch (i) { case HCTX_TYPE_DEFAULT: - map->nr_queues = nullb->dev->submit_queues; + map->nr_queues = nullb ? nullb->dev->submit_queues : + g_submit_queues; break; case HCTX_TYPE_READ: map->nr_queues = 0; continue; case HCTX_TYPE_POLL: - map->nr_queues = nullb->dev->poll_queues; + map->nr_queues = + nullb ? nullb->dev->poll_queues : g_poll_queues; break; } map->queue_offset = qoff;
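Review bot: the NULL test on `nullb` is repeated in both the HCTX_TYPE_DEFAULT and HCTX_TYPE_POLL arms, with no comment saying when `nullb` can be NULL. Resolving the two counts once before the `switch`, with a one-line comment that the shared tag set is mapped from `null_init()` before any device exists (the path shown in the KASAN trace), would keep the arms as plain assignments and make the fallback to `g_submit_queues` / `g_poll_queues` obvious to the next reader. The two ternaries are also wrapped differently (`nullb ? nullb->dev->submit_queues :` / `g_submit_queues;` versus a break after `=`), so please pick one form. The subject says queue mapping is skipped for shared tag sets, but the hunk still performs the mapping using the module-wide values, so the subject should be reworded to match. Finally, nothing in the visible lines shows that `g_submit_queues` and `g_poll_queues` equal the queue counts the shared tag set was allocated with; if that is guaranteed elsewhere, a sentence in the commit message saying so would help, since a mismatch would leave `nr_queues` and `queue_offset` inconsistent with the set.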