CVE-2021-47412

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> block: don&amp;#39;t call rq_qos_ops-&gt;done_bio if the bio isn&amp;#39;t tracked<br /> <br /> rq_qos framework is only applied on request based driver, so:<br /> <br /> 1) rq_qos_done_bio() needn&amp;#39;t to be called for bio based driver<br /> <br /> 2) rq_qos_done_bio() needn&amp;#39;t to be called for bio which isn&amp;#39;t tracked,<br /> such as bios ended from error handling code.<br /> <br /> Especially in bio_endio():<br /> <br /> 1) request queue is referred via bio-&gt;bi_bdev-&gt;bd_disk-&gt;queue, which<br /> may be gone since request queue refcount may not be held in above two<br /> cases<br /> <br /> 2) q-&gt;rq_qos may be freed in blk_cleanup_queue() when calling into<br /> __rq_qos_done_bio()<br /> <br /> Fix the potential kernel panic by not calling rq_qos_ops-&gt;done_bio if<br /> the bio isn&amp;#39;t tracked. This way is safe because both ioc_rqos_done_bio()<br /> and blkcg_iolatency_done_bio() are nop if the bio isn&amp;#39;t tracked.