[PATCH 3/3] blk-mq: avoid access hctx->tags->cpumask before allocation
Chris J Arges
chris.j.arges at canonical.com
Wed Sep 23 13:57:32 UTC 2015
Which tree did this patch come from? I don't see it in mainline.
If it isn't in mainline, it would also be good to explain if this is needed
in Wily/4.2 as well.
--chris
On 09/23/2015 02:56 AM, AceLan Kao wrote:
> From: Akinobu Mita <akinobu.mita at gmail.com>
>
> BugLink: http://bugs.launchpad.net/bugs/1498778
>
> When unmapped hw queue is remapped after CPU topology is changed,
> hctx->tags->cpumask is set before hctx->tags is allocated in
> blk_mq_map_swqueue().
>
> In order to fix this null pointer dereference, hctx->tags must be
> allocated before configuring hctx->tags->cpumask.
>
> Fixes: f26cdc8536 ("blk-mq: Shared tag enhancements")
> Signed-off-by: Akinobu Mita <akinobu.mita at gmail.com>
> Cc: Keith Busch <keith.busch at intel.com>
> Cc: Jens Axboe <axboe at kernel.dk>
> Cc: Ming Lei <tom.leiming at gmail.com>
>
> Signed-off-by: AceLan Kao <acelan.kao at canonical.com>
> ---
> block/blk-mq.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/block/blk-mq.c b/block/blk-mq.c
> index 9ea3230..74f7087 100644
> --- a/block/blk-mq.c
> +++ b/block/blk-mq.c
> @@ -1783,7 +1783,6 @@ static void blk_mq_map_swqueue(struct request_queue *q)
>
> hctx = q->mq_ops->map_queue(q, i);
> cpumask_set_cpu(i, hctx->cpumask);
> - cpumask_set_cpu(i, hctx->tags->cpumask);
> ctx->index_hw = hctx->nr_ctx;
> hctx->ctxs[hctx->nr_ctx++] = ctx;
> }
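Review bot: With `cpumask_set_cpu(i, hctx->tags->cpumask);` dropped from this loop, nothing at this site says why only `hctx->cpumask` is updated here. A one-line comment noting that `hctx->tags` may not be allocated yet at this point would keep a later cleanup from folding the two cpumask updates back together and reintroducing the NULL dereference the commit message describes.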
> @@ -1814,6 +1813,14 @@ static void blk_mq_map_swqueue(struct request_queue *q)
> hctx->next_cpu = cpumask_first(hctx->cpumask);
> hctx->next_cpu_batch = BLK_MQ_CPU_WORK_BATCH;
> }
> +
> + queue_for_each_ctx(q, ctx, i) {
> + if (!cpu_online(i))
> + continue;
> +
> + hctx = q->mq_ops->map_queue(q, i);
> + cpumask_set_cpu(i, hctx->tags->cpumask);
> + }
> }
>
> static void blk_mq_update_tag_set_depth(struct blk_mq_tag_set *set)
>
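Review bot: The loop added at the end of `blk_mq_map_swqueue()` dereferences `hctx->tags` in `cpumask_set_cpu(i, hctx->tags->cpumask);` with no NULL check, and the lines shown in this hunk do not establish that every hctx returned by `map_queue()` for an online CPU has its tags allocated by this point. Either guard the call (skip when `hctx->tags` is NULL) or add a comment stating why that cannot happen here. The loop also repeats the `cpu_online()` and `map_queue()` walk from the first loop, so a short comment explaining that it has to run after tag allocation would make the second pass self-explanatory.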