* [axboe-block:for-5.18/block 125/127] block/blk-throttle.c:1188 throtl_pending_timer_fn() error: we previously assumed 'tg' could be null (see line 1146)
@ 2022-03-19  4:50 kernel test robot
  0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2022-03-19  4:50 UTC (permalink / raw)
  To: kbuild

[-- Attachment #1: Type: text/plain, Size: 8393 bytes --]

CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Ming Lei <ming.lei@redhat.com>
CC: Jens Axboe <axboe@kernel.dk>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git for-5.18/block
head:   8f9e7b65f833cb9a4b2e2f54a049d74df394d906
commit: ee37eddbfa9e0401f13a01691cf4bbbacd2d16c9 [125/127] block: avoid use-after-free on throttle data
:::::: branch date: 13 hours ago
:::::: commit date: 13 hours ago
config: openrisc-randconfig-m031-20220318 (https://download.01.org/0day-ci/archive/20220319/202203191245.PiGwwAAl-lkp(a)intel.com/config)
compiler: or1k-linux-gcc (GCC) 11.2.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

smatch warnings:
block/blk-throttle.c:1188 throtl_pending_timer_fn() error: we previously assumed 'tg' could be null (see line 1146)

vim +/tg +1188 block/blk-throttle.c

e43473b7f223ec Vivek Goyal       2010-09-15  1117  
c79892c5576163 Shaohua Li        2017-03-27  1118  static bool throtl_can_upgrade(struct throtl_data *td,
c79892c5576163 Shaohua Li        2017-03-27  1119  	struct throtl_grp *this_tg);
6e1a5704cbbd24 Tejun Heo         2013-05-14  1120  /**
6e1a5704cbbd24 Tejun Heo         2013-05-14  1121   * throtl_pending_timer_fn - timer function for service_queue->pending_timer
216382dccb2e0c Bart Van Assche   2019-05-30  1122   * @t: the pending_timer member of the throtl_service_queue being serviced
6e1a5704cbbd24 Tejun Heo         2013-05-14  1123   *
6e1a5704cbbd24 Tejun Heo         2013-05-14  1124   * This timer is armed when a child throtl_grp with active bio's become
6e1a5704cbbd24 Tejun Heo         2013-05-14  1125   * pending and queued on the service_queue's pending_tree and expires when
6e1a5704cbbd24 Tejun Heo         2013-05-14  1126   * the first child throtl_grp should be dispatched.  This function
2e48a530a3a7da Tejun Heo         2013-05-14  1127   * dispatches bio's from the children throtl_grps to the parent
2e48a530a3a7da Tejun Heo         2013-05-14  1128   * service_queue.
2e48a530a3a7da Tejun Heo         2013-05-14  1129   *
2e48a530a3a7da Tejun Heo         2013-05-14  1130   * If the parent's parent is another throtl_grp, dispatching is propagated
2e48a530a3a7da Tejun Heo         2013-05-14  1131   * by either arming its pending_timer or repeating dispatch directly.  If
2e48a530a3a7da Tejun Heo         2013-05-14  1132   * the top-level service_tree is reached, throtl_data->dispatch_work is
2e48a530a3a7da Tejun Heo         2013-05-14  1133   * kicked so that the ready bio's are issued.
6e1a5704cbbd24 Tejun Heo         2013-05-14  1134   */
e99e88a9d2b067 Kees Cook         2017-10-16  1135  static void throtl_pending_timer_fn(struct timer_list *t)
69df0ab030c94e Tejun Heo         2013-05-14  1136  {
e99e88a9d2b067 Kees Cook         2017-10-16  1137  	struct throtl_service_queue *sq = from_timer(sq, t, pending_timer);
2e48a530a3a7da Tejun Heo         2013-05-14  1138  	struct throtl_grp *tg = sq_to_tg(sq);
69df0ab030c94e Tejun Heo         2013-05-14  1139  	struct throtl_data *td = sq_to_td(sq);
2e48a530a3a7da Tejun Heo         2013-05-14  1140  	struct throtl_service_queue *parent_sq;
ee37eddbfa9e04 Ming Lei          2022-03-18  1141  	struct request_queue *q;
2e48a530a3a7da Tejun Heo         2013-05-14  1142  	bool dispatched;
6e1a5704cbbd24 Tejun Heo         2013-05-14  1143  	int ret;
e43473b7f223ec Vivek Goyal       2010-09-15  1144  
ee37eddbfa9e04 Ming Lei          2022-03-18  1145  	/* throtl_data may be gone, so figure out request queue by blkg */
ee37eddbfa9e04 Ming Lei          2022-03-18 @1146  	if (tg)
ee37eddbfa9e04 Ming Lei          2022-03-18  1147  		q = tg->pd.blkg->q;
ee37eddbfa9e04 Ming Lei          2022-03-18  1148  	else
ee37eddbfa9e04 Ming Lei          2022-03-18  1149  		q = td->queue;
ee37eddbfa9e04 Ming Lei          2022-03-18  1150  
0d945c1f966b2b Christoph Hellwig 2018-11-15  1151  	spin_lock_irq(&q->queue_lock);
ee37eddbfa9e04 Ming Lei          2022-03-18  1152  
ee37eddbfa9e04 Ming Lei          2022-03-18  1153  	if (!q->root_blkg)
ee37eddbfa9e04 Ming Lei          2022-03-18  1154  		goto out_unlock;
ee37eddbfa9e04 Ming Lei          2022-03-18  1155  
c79892c5576163 Shaohua Li        2017-03-27  1156  	if (throtl_can_upgrade(td, NULL))
c79892c5576163 Shaohua Li        2017-03-27  1157  		throtl_upgrade_state(td);
c79892c5576163 Shaohua Li        2017-03-27  1158  
2e48a530a3a7da Tejun Heo         2013-05-14  1159  again:
2e48a530a3a7da Tejun Heo         2013-05-14  1160  	parent_sq = sq->parent_sq;
2e48a530a3a7da Tejun Heo         2013-05-14  1161  	dispatched = false;
e43473b7f223ec Vivek Goyal       2010-09-15  1162  
7f52f98c2a8333 Tejun Heo         2013-05-14  1163  	while (true) {
fda6f272c77a7a Tejun Heo         2013-05-14  1164  		throtl_log(sq, "dispatch nr_queued=%u read=%u write=%u",
2e48a530a3a7da Tejun Heo         2013-05-14  1165  			   sq->nr_queued[READ] + sq->nr_queued[WRITE],
2e48a530a3a7da Tejun Heo         2013-05-14  1166  			   sq->nr_queued[READ], sq->nr_queued[WRITE]);
e43473b7f223ec Vivek Goyal       2010-09-15  1167  
7f52f98c2a8333 Tejun Heo         2013-05-14  1168  		ret = throtl_select_dispatch(sq);
7f52f98c2a8333 Tejun Heo         2013-05-14  1169  		if (ret) {
7f52f98c2a8333 Tejun Heo         2013-05-14  1170  			throtl_log(sq, "bios disp=%u", ret);
7f52f98c2a8333 Tejun Heo         2013-05-14  1171  			dispatched = true;
651930bc1c2a25 Tejun Heo         2013-05-14  1172  		}
e43473b7f223ec Vivek Goyal       2010-09-15  1173  
7f52f98c2a8333 Tejun Heo         2013-05-14  1174  		if (throtl_schedule_next_dispatch(sq, false))
7f52f98c2a8333 Tejun Heo         2013-05-14  1175  			break;
7f52f98c2a8333 Tejun Heo         2013-05-14  1176  
7f52f98c2a8333 Tejun Heo         2013-05-14  1177  		/* this dispatch windows is still open, relax and repeat */
0d945c1f966b2b Christoph Hellwig 2018-11-15  1178  		spin_unlock_irq(&q->queue_lock);
7f52f98c2a8333 Tejun Heo         2013-05-14  1179  		cpu_relax();
0d945c1f966b2b Christoph Hellwig 2018-11-15  1180  		spin_lock_irq(&q->queue_lock);
7f52f98c2a8333 Tejun Heo         2013-05-14  1181  	}
6a525600ffeb9e Tejun Heo         2013-05-14  1182  
2e48a530a3a7da Tejun Heo         2013-05-14  1183  	if (!dispatched)
2e48a530a3a7da Tejun Heo         2013-05-14  1184  		goto out_unlock;
6e1a5704cbbd24 Tejun Heo         2013-05-14  1185  
2e48a530a3a7da Tejun Heo         2013-05-14  1186  	if (parent_sq) {
2e48a530a3a7da Tejun Heo         2013-05-14  1187  		/* @parent_sq is another throl_grp, propagate dispatch */
2e48a530a3a7da Tejun Heo         2013-05-14 @1188  		if (tg->flags & THROTL_TG_WAS_EMPTY) {
2e48a530a3a7da Tejun Heo         2013-05-14  1189  			tg_update_disptime(tg);
2e48a530a3a7da Tejun Heo         2013-05-14  1190  			if (!throtl_schedule_next_dispatch(parent_sq, false)) {
2e48a530a3a7da Tejun Heo         2013-05-14  1191  				/* window is already open, repeat dispatching */
2e48a530a3a7da Tejun Heo         2013-05-14  1192  				sq = parent_sq;
2e48a530a3a7da Tejun Heo         2013-05-14  1193  				tg = sq_to_tg(sq);
2e48a530a3a7da Tejun Heo         2013-05-14  1194  				goto again;
2e48a530a3a7da Tejun Heo         2013-05-14  1195  			}
2e48a530a3a7da Tejun Heo         2013-05-14  1196  		}
2e48a530a3a7da Tejun Heo         2013-05-14  1197  	} else {
b53b072c4bb579 Baolin Wang       2020-09-07  1198  		/* reached the top-level, queue issuing */
2e48a530a3a7da Tejun Heo         2013-05-14  1199  		queue_work(kthrotld_workqueue, &td->dispatch_work);
2e48a530a3a7da Tejun Heo         2013-05-14  1200  	}
2e48a530a3a7da Tejun Heo         2013-05-14  1201  out_unlock:
0d945c1f966b2b Christoph Hellwig 2018-11-15  1202  	spin_unlock_irq(&q->queue_lock);
6e1a5704cbbd24 Tejun Heo         2013-05-14  1203  }
e43473b7f223ec Vivek Goyal       2010-09-15  1204  
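Review bot: The dereference `tg->flags` at line 1188 relies on an invariant this function never states: line 1146 treats `tg` as possibly NULL, while 1188 is guarded only by `parent_sq`. That is safe only if `sq_to_tg()` returns NULL exactly when `sq->parent_sq` is NULL; its definition is not in this listing, so the smatch warning may well be a false positive, but that should be confirmed rather than assumed. The `goto again` path reassigns `tg` at 1193 and re-reads `parent_sq` at 1160, so the same pairing has to hold on every pass through the loop. Since this commit exists to close a use-after-free window in the timer path, I would make the dependency explicit, either with a comment above 1188 such as `/* parent_sq != NULL implies tg != NULL, see sq_to_tg() */` or by testing the pointer that is actually dereferenced: `if (tg && (tg->flags & THROTL_TG_WAS_EMPTY)) {`.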

:::::: The code at line 1188 was first introduced by commit
:::::: 2e48a530a3a7daebd0cc17866304a36d39b611de blk-throttle: make throtl_pending_timer_fn() ready for hierarchy

:::::: TO: Tejun Heo <tj@kernel.org>
:::::: CC: Tejun Heo <tj@kernel.org>

---
0-DAY CI Kernel Test Service
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
