{"id":"CVE-2022-49266","summary":"block: fix rq-qos breakage from skipping rq_qos_done_bio()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix rq-qos breakage from skipping rq_qos_done_bio()\n\na647a524a467 (\"block: don't call rq_qos_ops-\u003edone_bio if the bio isn't\ntracked\") made bio_endio() skip rq_qos_done_bio() if BIO_TRACKED is not set.\nWhile this fixed a potential oops, it also broke blk-iocost by skipping the\ndone_bio callback for merged bios.\n\nBefore, whether a bio goes through rq_qos_throttle() or rq_qos_merge(),\nrq_qos_done_bio() would be called on the bio on completion with BIO_TRACKED\ndistinguishing the former from the latter. rq_qos_done_bio() is not called\nfor bios which wenth through rq_qos_merge(). This royally confuses\nblk-iocost as the merged bios never finish and are considered perpetually\nin-flight.\n\nOne reliably reproducible failure mode is an intermediate cgroup geting\nstuck active preventing its children from being activated due to the\nleaf-only rule, leading to loss of control. The following is from\nresctl-bench protection scenario which emulates isolating a web server like\nworkload from a memory bomb run on an iocost configuration which should\nyield a reasonable level of protection.\n\n  # cat /sys/block/nvme2n1/device/model\n  Samsung SSD 970 PRO 512GB\n  # cat /sys/fs/cgroup/io.cost.model\n  259:0 ctrl=user model=linear rbps=834913556 rseqiops=93622 rrandiops=102913 wbps=618985353 wseqiops=72325 wrandiops=71025\n  # cat /sys/fs/cgroup/io.cost.qos\n  259:0 enable=1 ctrl=user rpct=95.00 rlat=18776 wpct=95.00 wlat=8897 min=60.00 max=100.00\n  # resctl-bench -m 29.6G -r out.json run protection::scenario=mem-hog,loops=1\n  ...\n  Memory Hog Summary\n  ==================\n\n  IO Latency: R p50=242u:336u/2.5m p90=794u:1.4m/7.5m p99=2.7m:8.0m/62.5m max=8.0m:36.4m/350m\n              W p50=221u:323u/1.5m p90=709u:1.2m/5.5m p99=1.5m:2.5m/9.5m max=6.9m:35.9m/350m\n\n  Isolation and Request Latency Impact Distributions:\n\n                min   p01   p05   p10   p25   p50   p75   p90   p95   p99   max  mean stdev\n  isol%       15.90 15.90 15.90 40.05 57.24 59.07 60.01 74.63 74.63 90.35 90.35 58.12 15.82\n  lat-imp%        0     0     0     0     0  4.55 14.68 15.54 233.5 548.1 548.1 53.88 143.6\n\n  Result: isol=58.12:15.82% lat_imp=53.88%:143.6 work_csv=100.0% missing=3.96%\n\nThe isolation result of 58.12% is close to what this device would show\nwithout any IO control.\n\nFix it by introducing a new flag BIO_QOS_MERGED to mark merged bios and\ncalling rq_qos_done_bio() on them too. For consistency and clarity, rename\nBIO_TRACKED to BIO_QOS_THROTTLED. The flag checks are moved into\nrq_qos_done_bio() so that it's next to the code paths that set the flags.\n\nWith the patch applied, the above same benchmark shows:\n\n  # resctl-bench -m 29.6G -r out.json run protection::scenario=mem-hog,loops=1\n  ...\n  Memory Hog Summary\n  ==================\n\n  IO Latency: R p50=123u:84.4u/985u p90=322u:256u/2.5m p99=1.6m:1.4m/9.5m max=11.1m:36.0m/350m\n              W p50=429u:274u/995u p90=1.7m:1.3m/4.5m p99=3.4m:2.7m/11.5m max=7.9m:5.9m/26.5m\n\n  Isolation and Request Latency Impact Distributions:\n\n                min   p01   p05   p10   p25   p50   p75   p90   p95   p99   max  mean stdev\n  isol%       84.91 84.91 89.51 90.73 92.31 94.49 96.36 98.04 98.71 100.0 100.0 94.42  2.81\n  lat-imp%        0     0     0     0     0  2.81  5.73 11.11 13.92 17.53 22.61  4.10  4.68\n\n  Result: isol=94.42:2.81% lat_imp=4.10%:4.68 work_csv=58.34% missing=0%","modified":"2026-04-02T08:27:27.219085Z","published":"2025-02-26T01:56:15.709Z","related":["SUSE-SU-2025:1027-1","SUSE-SU-2025:1176-1","SUSE-SU-2025:1183-1","SUSE-SU-2025:1241-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49266.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/09737db4c891eba25e6f6383a7c38afd4acc883f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/aa1b46dcdc7baaf5fec0be25782ef24b26aa209e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/af9452dfdba4bf7359ef7645eee2d243a1df0649"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dbd20bb904ad5731aaca8d009367a930d6ada111"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49266.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49266"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a647a524a46736786c95cdb553a070322ca096e3"},{"fixed":"af9452dfdba4bf7359ef7645eee2d243a1df0649"},{"fixed":"dbd20bb904ad5731aaca8d009367a930d6ada111"},{"fixed":"09737db4c891eba25e6f6383a7c38afd4acc883f"},{"fixed":"aa1b46dcdc7baaf5fec0be25782ef24b26aa209e"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"db60edbfff332a6a5477c367af8125f034570989"},{"last_affected":"004b8f8a691205a93d9e80d98b786b2b97424d6e"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49266.json"}}],"schema_version":"1.7.5"}