linux-block.vger.kernel.org archive mirror
* [RFC PATCH 0/1] block/cfq : Include check to avoid NULL Pointer
@ 2019-06-13 23:31 Leonardo Bras
  2019-06-13 23:31 ` [RFC PATCH 1/1] block/cfq : Include check to avoid NULL Pointer Dereferencing Leonardo Bras
  0 siblings, 1 reply; 2+ messages in thread
From: Leonardo Bras @ 2019-06-13 23:31 UTC (permalink / raw)
  To: linux-block; +Cc: Leonardo Bras, Jens Axboe, linux-kernel

I believe I have found a NULL pointer dereference in the code, but as
I am new to this code I would like the opinion of more experienced people.

I am not sure if it is the right procedure to send it here, since this file
has not been in the tree since v4.20. But as it still affects many stable releases,
I think it's worth a try.

Please let me know if there is a better procedure for this.

Leonardo Bras (1):
  block/cfq : Include check to avoid NULL Pointer Dereferencing

 block/cfq-iosched.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

-- 
2.20.1



* [RFC PATCH 1/1] block/cfq : Include check to avoid NULL Pointer Dereferencing
  2019-06-13 23:31 [RFC PATCH 0/1] block/cfq : Include check to avoid NULL Pointer Leonardo Bras
@ 2019-06-13 23:31 ` Leonardo Bras
  0 siblings, 0 replies; 2+ messages in thread
From: Leonardo Bras @ 2019-06-13 23:31 UTC (permalink / raw)
  To: linux-block; +Cc: Leonardo Bras, Jens Axboe, linux-kernel

Checks if cfqg is a valid pointer before dereferencing.

There is an explicit chance for cfqg = cfq_get_next_cfqg() to return NULL,
so 'cfqg->saved_wl_slice' would be a NULL dereference.

Signed-off-by: Leonardo Bras <leonardo@linux.ibm.com>
---
 block/cfq-iosched.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c
index 2eb87444b157..2c5dd5a295ee 100644
--- a/block/cfq-iosched.c
+++ b/block/cfq-iosched.c
@@ -3210,9 +3210,13 @@ static struct cfq_group *cfq_get_next_cfqg(struct cfq_data *cfqd)
 
 static void cfq_choose_cfqg(struct cfq_data *cfqd)
 {
-	struct cfq_group *cfqg = cfq_get_next_cfqg(cfqd);
+	struct cfq_group *cfqg;
 	u64 now = ktime_get_ns();
 
+	cfqg = cfq_get_next_cfqg(cfqd);
+	if (unlikely(!cfqg))
+		return;
+
 	cfqd->serving_group = cfqg;
 
 	/* Restore the workload type data */
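
Review bot: The early return in cfq_choose_cfqg() happens before
"cfqd->serving_group = cfqg;", so on the NULL path cfqd->serving_group keeps
whatever group was selected on the previous call. The function returns void,
so its caller cannot tell that no group was chosen and will carry on with that
stale pointer. Either assign cfqd->serving_group = NULL before returning and
make sure the caller copes with it, or show in the commit message why the
caller is safe as is. The message should also name the condition under which
cfq_get_next_cfqg() returns NULL and say whether that state is reachable from
this call site, since that decides whether unlikely() plus a silent return is
the right response or whether the caller should be checking earlier.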
-- 
2.20.1

