From patchwork Thu Jan  4 11:06:07 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Joseph Qi <jiangqi903@gmail.com>
X-Patchwork-Id: 10144467
Return-Path: <linux-block-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	89F7260594 for <patchwork-linux-block@patchwork.kernel.org>;
	Thu,  4 Jan 2018 11:06:28 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 695EB2811A
	for <patchwork-linux-block@patchwork.kernel.org>;
	Thu,  4 Jan 2018 11:06:28 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 5BF492846F; Thu,  4 Jan 2018 11:06:28 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM,
	RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D30362811A
	for <patchwork-linux-block@patchwork.kernel.org>;
	Thu,  4 Jan 2018 11:06:26 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752642AbeADLG0 (ORCPT
	<rfc822;patchwork-linux-block@patchwork.kernel.org>);
	Thu, 4 Jan 2018 06:06:26 -0500
Received: from mail-ot0-f194.google.com ([74.125.82.194]:46527 "EHLO
	mail-ot0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752605AbeADLGZ (ORCPT
	<rfc822; linux-block@vger.kernel.org>); Thu, 4 Jan 2018 06:06:25 -0500
Received: by mail-ot0-f194.google.com with SMTP id v40so1008523ote.13
	for <linux-block@vger.kernel.org>;
	Thu, 04 Jan 2018 03:06:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:subject:to:cc:message-id:date:user-agent:mime-version
	:content-language:content-transfer-encoding;
	bh=vD/QjZ9KDPGR8rgKcn3NhXt26unpQmpsek1Ptf665aI=;
	b=gMNXqqS1tEYuUVmpxpiDl7nfuvMvGvvPSCC2TPnO+e9tMse4E9aqcL6BldDfX3EzdG
	jmyN4nW5mYz+V+9GA58QYeFcQkakWZ/mHUqzRyuDVCuydjn3SYqFE67/bYiPSuCCWWMY
	ZuL7Hz/rZqRfnuZiy6hVnqH6CQ5XNfHvvFNPYU+cmHEg8PFZ/71XSq6jiR2rUOq+2o7M
	83HbSANZblMFjPr6DFVzeC0/sY/ceeLOQn4SJT2hbSg5QsOuUmeFNfW9Suwi1kAT7Ftb
	eJ+CuQsfk0/nMZwGWl+m2ELbMAl754LyzdKMe7lB9jKYX+YcI6awXvM8TSdYVyVPNhK/
	hdfA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:subject:to:cc:message-id:date:user-agent
	:mime-version:content-language:content-transfer-encoding;
	bh=vD/QjZ9KDPGR8rgKcn3NhXt26unpQmpsek1Ptf665aI=;
	b=b0oyknbek+2tLue0PyXV0ObXqlI+wvRy3AgF4GQn0fuJj+YBKVlVkGSamYPXNrIBE3
	r96Xey5M2lQBg/HOJqXbAMLYhkzY3cnNfwQ40i0egy9/qIanWX6SU+OuIYMvdB4w3902
	vED17ID4dzmYxW7BxHclXIiDdyvZdaAECkPkJdCl7qPw0WaMDal0UcpJQmAsG8z9rvEx
	enYm1ZpwKK/TECR1JcKDI2D39MZK58W9CgDtK0yF6BPHDo1ZSNW8sDDa0kZ//nWvx0w2
	RvDpXmxHnqUD9y/KEKq3l2M/9gPzEAFwhnhTHXXcIpeVa86aLcZ3g0qUb8KOB+Slhp8i
	FS0Q==
X-Gm-Message-State: AKGB3mJPvtNe07H1sQsq4lOGdGktYJeiFGz3Pqe89xK9FJjwEKtw/b7K
	OsgyeEImvPsgxSy8ywUE8F1AB5l+
X-Google-Smtp-Source: 
 ACJfBouIKs9/REJDnVQhmx0lW+hMn+fZSuxcAPh1XRC32TL6NZTpK5sklpBeezv5t4CLaD5P5CtIag==
X-Received: by 10.157.82.98 with SMTP id q34mr2932803otg.100.1515063985076;
	Thu, 04 Jan 2018 03:06:25 -0800 (PST)
Received: from JosephdeMacBook-Pro.local ([205.204.117.3])
	by smtp.gmail.com with ESMTPSA id
	o49sm1456481oto.28.2018.01.04.03.06.18
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 04 Jan 2018 03:06:24 -0800 (PST)
From: Joseph Qi <jiangqi903@gmail.com>
Subject: [PATCH 1/3] blk-throttle: fix NULL pointer dereference risk in
	throtl_select_dispatch
To: Jens Axboe <axboe@kernel.dk>
Cc: jinli.zjl@alibaba-inc.com, qijiang.qj@alibaba-inc.com,
	linux-block <linux-block@vger.kernel.org>
Message-ID: <63f2dcbe-6524-82b8-adff-66a860443f65@gmail.com>
Date: Thu, 4 Jan 2018 19:06:07 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0)
	Gecko/20100101 Thunderbird/52.5.0
MIME-Version: 1.0
Content-Language: en-US
Sender: linux-block-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-block.vger.kernel.org>
X-Mailing-List: linux-block@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Joseph Qi <qijiang.qj@alibaba-inc.com>

tg in throtl_select_dispatch is used first and then do check. Since tg
may be NULL, it has potential NULL pointer dereference risk. So fix it.

Signed-off-by: Joseph Qi <qijiang.qj@alibaba-inc.com>
---
 block/blk-throttle.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/block/blk-throttle.c b/block/blk-throttle.c
index 9052f4e..a0bae2c 100644
--- a/block/blk-throttle.c
+++ b/block/blk-throttle.c
@@ -1228,7 +1228,7 @@ static int throtl_select_dispatch(struct throtl_service_queue *parent_sq)
 
 	while (1) {
 		struct throtl_grp *tg = throtl_rb_first(parent_sq);
-		struct throtl_service_queue *sq = &tg->service_queue;
+		struct throtl_service_queue *sq;
 
 		if (!tg)
 			break;
@@ -1240,6 +1240,7 @@ static int throtl_select_dispatch(struct throtl_service_queue *parent_sq)
 
 		nr_disp += throtl_dispatch_tg(tg);
 
+		sq = &tg->service_queue;
 		if (sq->nr_queued[0] || sq->nr_queued[1])
 			tg_update_disptime(tg);