CVE-2022-50554

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> blk-mq: avoid double -&gt;queue_rq() because of early timeout<br /> <br /> David Jeffery found one double -&gt;queue_rq() issue, so far it can<br /> be triggered in VM use case because of long vmexit latency or preempt<br /> latency of vCPU pthread or long page fault in vCPU pthread, then block<br /> IO req could be timed out before queuing the request to hardware but after<br /> calling blk_mq_start_request() during -&gt;queue_rq(), then timeout handler<br /> may handle it by requeue, then double -&gt;queue_rq() is caused, and kernel<br /> panic.<br /> <br /> So far, it is driver&amp;#39;s responsibility to cover the race between timeout<br /> and completion, so it seems supposed to be solved in driver in theory,<br /> given driver has enough knowledge.<br /> <br /> But it is really one common problem, lots of driver could have similar<br /> issue, and could be hard to fix all affected drivers, even it isn&amp;#39;t easy<br /> for driver to handle the race. So David suggests this patch by draining<br /> in-progress -&gt;queue_rq() for solving this issue.