CVE-2022-50550

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
07/10/2025
Last modified:
08/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

blk-iolatency: Fix memory leak on add_disk() failures

When a gendisk is successfully initialized but add_disk() fails such as when a loop device has invalid number of minor device numbers specified, blkcg_init_disk() is called during init and then blkcg_exit_disk() during error handling. Unfortunately, iolatency gets initialized in the former but doesn't get cleaned up in the latter.

This is because, in non-error cases, the cleanup is performed by del_gendisk() calling rq_qos_exit(), the assumption being that rq_qos policies, iolatency being one of them, can only be activated once the disk is fully registered and visible. That assumption is true for wbt and iocost, but not so for iolatency as it gets initialized before add_disk() is called.

It is desirable to lazy-init rq_qos policies because they are optional features and add to hot path overhead once initialized - each IO has to walk all the registered rq_qos policies. So, we want to switch iolatency to lazy init too. However, that's a bigger change. As a fix for the immediate problem, let's just add an extra call to rq_qos_exit() in blkcg_exit_disk(). This is safe because duplicate calls to rq_qos_exit() become noop's.
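The lifecycle described above, as a simplified user-space C model added here for illustration; it is not kernel code and not part of the advisory. Function names follow the description, while `struct queue`, `live_allocs`, `simulate()` and the `fixed` flag are assumptions made for the model.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model only: names follow the description, bodies are hypothetical. */
struct rq_qos { struct rq_qos *next; };
struct queue { struct rq_qos *rq_qos; };  /* stands in for the request queue */
static int live_allocs;                    /* policy objects not yet freed */

/* iolatency registers its policy during blkcg_init_disk(), before add_disk(). */
static int blkcg_init_disk(struct queue *q) {
    struct rq_qos *r = calloc(1, sizeof(*r));
    if (!r) return -1;
    r->next = q->rq_qos;
    q->rq_qos = r;
    live_allocs++;
    return 0;
}

/* Frees every registered policy; a repeat call sees an empty list: no-op. */
static void rq_qos_exit(struct queue *q) {
    while (q->rq_qos) {
        struct rq_qos *r = q->rq_qos;
        q->rq_qos = r->next;
        free(r);
        live_allocs--;
    }
}

static void blkcg_exit_disk(struct queue *q, bool fixed) {
    if (fixed) rq_qos_exit(q);  /* the extra call added by the fix */
}

/* Returns how many policy objects are leaked after one disk lifetime. */
int simulate(bool add_disk_fails, bool fixed) {
    struct queue q = { NULL };
    live_allocs = 0;
    if (blkcg_init_disk(&q)) return -1;
    if (!add_disk_fails) rq_qos_exit(&q);  /* del_gendisk() path, success only */
    blkcg_exit_disk(&q, fixed);            /* error handling or, here, release */
    int leaked = live_allocs;
    rq_qos_exit(&q);                       /* tidy up the model itself */
    return leaked;
}

int main(void) {
    printf("add_disk() fails, unfixed: %d leaked\n", simulate(true, false));
    printf("add_disk() fails, fixed:   %d leaked\n", simulate(true, true));
    return 0;
}
```

The success path with the fix applied exercises the duplicate `rq_qos_exit()` call, which finds an empty list and frees nothing twice.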

Impact