In the Linux kernel, the following vulnerability has been resolved:
blk-mq: make sure active queue usage is held for biointegrityprep()
blkintegrityunregister() can come if queue usage counter isn't held for one bio with integrity prepared, so this request may be completed with calling profile->complete_fn, then kernel panic.
Another constraint is that biointegrityprep() needs to be called before bio merge.
Fix the issue by:
call biointegrityprep() with one queue usage counter grabbed reliably
call biointegrityprep() before bio merge