block, bfq: fix uaf for bfqq in bic_set_bfqq()

[platform/kernel/linux-starfive.git] / block / bfq-iosched.c

diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c
index 917939b..ff9d238 100644 (file)
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -5491,9 +5491,11 @@ static void bfq_check_ioprio_change(struct bfq_io_cq *bic, struct bio *bio)
 
        bfqq = bic_to_bfqq(bic, false);
        if (bfqq) {
-               bfq_release_process_ref(bfqd, bfqq);
+               struct bfq_queue *old_bfqq = bfqq;
+
                bfqq = bfq_get_queue(bfqd, bio, false, bic, true);
                bic_set_bfqq(bic, bfqq, false);
+               bfq_release_process_ref(bfqd, old_bfqq);
        }
 
        bfqq = bic_to_bfqq(bic, true);