CVE-2022-49266
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
21/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

block: fix rq-qos breakage from skipping rq_qos_done_bio()

a647a524a467 ("block: don't call rq_qos_ops->done_bio if the bio isn't
tracked") made bio_endio() skip rq_qos_done_bio() if BIO_TRACKED is not set.
While this fixed a potential oops, it also broke blk-iocost by skipping the
done_bio callback for merged bios.

Before, whether a bio goes through rq_qos_throttle() or rq_qos_merge(),
rq_qos_done_bio() would be called on the bio on completion with BIO_TRACKED
distinguishing the former from the latter. rq_qos_done_bio() is not called
for bios which went through rq_qos_merge(). This royally confuses
blk-iocost as the merged bios never finish and are considered perpetually
in-flight.

One reliably reproducible failure mode is an intermediate cgroup getting
stuck active preventing its children from being activated due to the
leaf-only rule, leading to loss of control. The following is from
resctl-bench protection scenario which emulates isolating a web server like
workload from a memory bomb run on an iocost configuration which should
yield a reasonable level of protection.

    # cat /sys/block/nvme2n1/device/model
    Samsung SSD 970 PRO 512GB
    # cat /sys/fs/cgroup/io.cost.model
    259:0 ctrl=user model=linear rbps=834913556 rseqiops=93622 rrandiops=102913 wbps=618985353 wseqiops=72325 wrandiops=71025
    # cat /sys/fs/cgroup/io.cost.qos
    259:0 enable=1 ctrl=user rpct=95.00 rlat=18776 wpct=95.00 wlat=8897 min=60.00 max=100.00
    # resctl-bench -m 29.6G -r out.json run protection::scenario=mem-hog,loops=1
    ...
    Memory Hog Summary
    ==================

    IO Latency: R p50=242u:336u/2.5m p90=794u:1.4m/7.5m p99=2.7m:8.0m/62.5m max=8.0m:36.4m/350m
                W p50=221u:323u/1.5m p90=709u:1.2m/5.5m p99=1.5m:2.5m/9.5m max=6.9m:35.9m/350m

    Isolation and Request Latency Impact Distributions:

                min    p01    p05    p10    p25    p50    p75    p90    p95    p99    max   mean  stdev
    isol%     15.90  15.90  15.90  40.05  57.24  59.07  60.01  74.63  74.63  90.35  90.35  58.12  15.82
    lat-imp%      0      0      0      0      0   4.55  14.68  15.54  233.5  548.1  548.1  53.88  143.6

    Result: isol=58.12:15.82% lat_imp=53.88%:143.6 work_csv=100.0% missing=3.96%

The isolation result of 58.12% is close to what this device would show
without any IO control.

Fix it by introducing a new flag BIO_QOS_MERGED to mark merged bios and
calling rq_qos_done_bio() on them too. For consistency and clarity, rename
BIO_TRACKED to BIO_QOS_THROTTLED. The flag checks are moved into
rq_qos_done_bio() so that it's next to the code paths that set the flags.

With the patch applied, the above same benchmark shows:

    # resctl-bench -m 29.6G -r out.json run protection::scenario=mem-hog,loops=1
    ...
    Memory Hog Summary
    ==================

    IO Latency: R p50=123u:84.4u/985u p90=322u:256u/2.5m p99=1.6m:1.4m/9.5m max=11.1m:36.0m/350m
                W p50=429u:274u/995u p90=1.7m:1.3m/4.5m p99=3.4m:2.7m/11.5m max=7.9m:5.9m/26.5m

    Isolation and Request Latency Impact Distributions:

                min    p01    p05    p10    p25    p50    p75    p90    p95    p99    max   mean  stdev
    isol%     84.91  84.91  89.51  90.73  92.31  94.49  96.36  98.04  98.71  100.0  100.0  94.42   2.81
    lat-imp%      0      0      0      0      0   2.81   5.73  11.11  13.92  17.53  22.61   4.10   4.68

    Result: isol=94.42:2.81% lat_imp=4.10%:4.68 work_csv=58.34% missing=0%
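
The accounting imbalance described above, as an added userspace model (not kernel code and not part of the original commit). The `struct qos` counters and `stuck_inflight()` are hypothetical stand-ins for blk-iocost's per-cgroup bookkeeping; only the flag and function names come from the description.

```c
#include <stdio.h>

#define BIO_QOS_THROTTLED (1u << 0) /* named BIO_TRACKED before the fix */
#define BIO_QOS_MERGED    (1u << 1) /* introduced by the fix */

struct bio { unsigned flags; };
/* Hypothetical stand-in for blk-iocost's per-cgroup accounting. */
struct qos { long charged; long completed; };

static void rq_qos_throttle(struct qos *q, struct bio *b)
{
    b->flags |= BIO_QOS_THROTTLED;
    q->charged++;
}

static void rq_qos_merge(struct qos *q, struct bio *b, int fixed)
{
    if (fixed)
        b->flags |= BIO_QOS_MERGED; /* before the fix, merged bios carried no flag */
    q->charged++;
}

/* Completion path: fixed=0 models the throttled-only check added by
 * a647a524a467, fixed=1 models the check accepting either flag. */
static void bio_endio(struct qos *q, struct bio *b, int fixed)
{
    unsigned mask = BIO_QOS_THROTTLED | (fixed ? BIO_QOS_MERGED : 0u);
    if (b->flags & mask)
        q->completed++; /* the done_bio callback runs */
}

/* Returns how many bios are still counted in flight after all completed. */
long stuck_inflight(int fixed, int n_throttled, int n_merged)
{
    struct qos q = {0, 0};
    for (int i = 0; i < n_throttled + n_merged; i++) {
        struct bio b = {0};
        if (i < n_throttled)
            rq_qos_throttle(&q, &b);
        else
            rq_qos_merge(&q, &b, fixed);
        bio_endio(&q, &b, fixed);
    }
    return q.charged - q.completed;
}

int main(void)
{
    printf("before fix: %ld bios stuck in flight\n", stuck_inflight(0, 100, 7));
    printf("after fix:  %ld bios stuck in flight\n", stuck_inflight(1, 100, 7));
    return 0;
}
```

Every merged bio leaves one unit of charge that is never retired in the pre-fix model, which is the "perpetually in-flight" state that keeps the intermediate cgroup active.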
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.10.241 (including) | 5.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.14.11 (including) | 5.15 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.15.1 (including) | 5.15.54 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 5.16.19 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.17 (including) | 5.17.2 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.15:rc6:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.15:rc7:*:*:*:*:*:* | | |