[PATCH 1/1] block: fix potential infinite loop in the negative branch in __submit_bio_noacct_mq()
From: Sergei Shtepa
Date: Tue Mar 23 2021 - 07:50:12 EST
When the blk_crypto_bio_prep() function returns false, the processing
of the bio request must end. Repeated access to blk_crypto_bio_prep()
for this same bio may lead to access to already released data, since in
this case the bio_endio() function was already called for bio.
The changes allow to leave the processing of the failed bio and
go to the next one from the bio_list.
The error can only occur when using inline encryption on
request-based blk-mq devices and something went wrong in the
__blk_crypto_bio_prep().
Signed-off-by: Sergei Shtepa <sergei.shtepa@xxxxxxxxx>
---
block/blk-core.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/block/blk-core.c b/block/blk-core.c
index fc60ff208497..825df223b01d 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -1005,13 +1005,12 @@ static blk_qc_t __submit_bio_noacct_mq(struct bio *bio)
if (unlikely(bio_queue_enter(bio) != 0))
continue;
- if (!blk_crypto_bio_prep(&bio)) {
+ if (blk_crypto_bio_prep(&bio))
+ ret = blk_mq_submit_bio(bio);
+ else {
blk_queue_exit(disk->queue);
ret = BLK_QC_T_NONE;
- continue;
}
-
- ret = blk_mq_submit_bio(bio);
} while ((bio = bio_list_pop(&bio_list[0])));
current->bio_list = NULL;
--
2.20.1