CVE-2021-47412

Summary

In the Linux kernel, the following vulnerability has been resolved:

block: don't call rq_qos_ops->done_bio if the bio isn't tracked

rq_qos framework is only applied on request based driver, so:

  1. rq_qos_done_bio() needn't to be called for bio based driver

  2. rq_qos_done_bio() needn't to be called for bio which isn't tracked, such as bios ended from error handling code.

Especially in bio_endio():

  1. request queue is referred via bio->bi_bdev->bd_disk->queue, which may be gone since request queue refcount may not be held in above two cases

  2. q->rq_qos may be freed in blk_cleanup_queue() when calling into __rq_qos_done_bio()

Fix the potential kernel panic by not calling rq_qos_ops->done_bio if the bio isn't tracked. This way is safe because both ioc_rqos_done_bio() and blkcg_iolatency_done_bio() are nop if the bio isn't tracked.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux67b42d0bf7a8fd1ec0cf1acdc9550e688d7c8578 < db60edbfff332a6a5477c367af8125f034570989affected
LinuxLinux67b42d0bf7a8fd1ec0cf1acdc9550e688d7c8578 < 004b8f8a691205a93d9e80d98b786b2b97424d6eaffected
LinuxLinux67b42d0bf7a8fd1ec0cf1acdc9550e688d7c8578 < a647a524a46736786c95cdb553a070322ca096e3affected
LinuxLinux4.19affected
LinuxLinux0 < 4.19unaffected
LinuxLinux5.10.241 <= 5.10.*unaffected
LinuxLinux5.14.11 <= 5.14.*unaffected
LinuxLinux5.15 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References