Hi,
On 2023/02/21 6:52, Linus Torvalds wrote:
> On Thu, Feb 16, 2023 at 6:54 PM Jens Axboe <axboe@xxxxxxxxx> wrote:
>> I've pushed a merged branch here:
>> https://git.kernel.dk/cgit/linux-block/log/?h=for-6.3/block-merged
>
> Hmm. I do verify against suggested merges after doing my own (even
> when your suggested merge was then made stale by another later
> addition), and I think your merge was wrong wrt bfq_sync_bfqq_move(),
> which in your version does the bfq_release_process_ref() before doing
> the bic_set_bfqq().
It's right that this is wrong; I think this happened as follows:
1) bfq_sync_bfqq_move() is introduced in commit 9778369a2d6c ("block,
bfq: split sync bfq_queues on a per-actuator basis"), which is merged to
for-6.3 branch.
2) commit 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'")
is merged to mainline.
3) later, the fix for 2) b600de2d7d3a ("block, bfq: fix uaf for bfqq in
bic_set_bfqq()") is merged to mainline as well, however, I missed the
change in bfq_sync_bfqq_move() in the for-6.3 branch.
4) At last, 1) is merged to mainline with some rebase, this is how
bfq_check_ioprio_change() is fixed, however, bfq_sync_bfqq_move() is
still problematic.
Thanks,
Kuai
> IOW, I think your merge essentially dropped one of the fixes in commit
> b600de2d7d3a ("block, bfq: fix uaf for bfqq in bic_set_bfqq()").
> Maybe there were reasons why that ordering wasn't required any more,
> but it looks funky (and you appear to have correctly merged the other
> case in bfq_check_ioprio_change()).
>
> Anyway, this is just a nit-picky email saying that I'm pretty sure
> I've done the merge right, but since it doesn't match what you did, I
> thought I'd mention it.
>
> Worth double-checking this, in other words. I realize you're mostly
> afk this week, so whenever you're back.
>
> Linus
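
The ordering problem discussed in this thread, as a toy C model added here for illustration; it is not kernel code and not from either author. All struct and function names are hypothetical, and it assumes the setter reads the old queue to clear its back-pointer, as the commit titles suggest.

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy stand-ins for bfqq and bic; all names here are hypothetical. */
struct ctx;
struct queue { int ref; bool freed; struct ctx *owner; };
struct ctx   { struct queue *q; int stale_derefs; };

/* Drop a reference. "Freeing" only sets a flag so the model can detect a
 * later access without invoking real undefined behaviour. */
static void queue_put(struct queue *q)
{
    if (--q->ref == 0)
        q->freed = true;
}

/* Install newq in the context. Assumption: like the setter named in the
 * thread, it clears the old queue's back-pointer, so it reads the old queue. */
static void ctx_set_queue(struct ctx *c, struct queue *newq)
{
    struct queue *old = c->q;

    if (old && old->freed)
        c->stale_derefs++;          /* in real code: use-after-free */
    else if (old && old->owner == c)
        old->owner = NULL;
    c->q = newq;
    if (newq)
        newq->owner = c;
}

/* Move the context from an old queue holding its last reference to a new one.
 * release_first selects the ordering; returns the number of stale accesses. */
int move_queue(bool release_first)
{
    struct queue oldq = { .ref = 1 }, newq = { .ref = 1 };
    struct ctx c = { 0 };

    ctx_set_queue(&c, &oldq);
    if (release_first) {            /* ordering Linus flags in the merge */
        queue_put(&oldq);
        ctx_set_queue(&c, &newq);
    } else {                        /* set first, then release */
        ctx_set_queue(&c, &newq);
        queue_put(&oldq);
    }
    return c.stale_derefs;
}
```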