From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: "Paolo Valente" <paolo.valente@linaro.org>,
	"Holger Hoffstätte" <holger@applied-asynchrony.com>,
	"Jens Axboe" <axboe@kernel.dk>, "Sasha Levin" <sashal@kernel.org>,
	linux-block@vger.kernel.org
Subject: [PATCH AUTOSEL 4.19 09/12] Revert "Revert "block, bfq: honor already-setup queue merges""
Date: Mon, 28 Mar 2022 07:24:14 -0400
Message-ID: <20220328112417.1556946-9-sashal@kernel.org>
In-Reply-To: <20220328112417.1556946-1-sashal@kernel.org>

From: Paolo Valente <paolo.valente@linaro.org>

[ Upstream commit 15729ff8143f8135b03988a100a19e66d7cb7ecd ]

A crash [1] happened to be triggered in conjunction with commit
2d52c58b9c9b ("block, bfq: honor already-setup queue merges"). The
latter was then reverted by commit ebc69e897e17 ("Revert "block, bfq:
honor already-setup queue merges""). Yet, the reverted commit was not
the one introducing the bug. In fact, it actually triggered a UAF
introduced by a different commit, and now fixed by commit d29bd41428cf
("block, bfq: reset last_bfqq_created on group change").

So, there is no point in keeping commit 2d52c58b9c9b ("block, bfq:
honor already-setup queue merges") out. This commit restores it.

[1] https://bugzilla.kernel.org/show_bug.cgi?id=214503

Reported-by: Holger Hoffstätte <holger@applied-asynchrony.com>
Signed-off-by: Paolo Valente <paolo.valente@linaro.org>
Link: https://lore.kernel.org/r/20211125181510.15004-1-paolo.valente@linaro.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 block/bfq-iosched.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c
index dfd55037dc6f..a9f42df92ea3 100644
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -2155,6 +2155,15 @@ bfq_setup_merge(struct bfq_queue *bfqq, struct bfq_queue *new_bfqq)
 	 * are likely to increase the throughput.
 	 */
 	bfqq->new_bfqq = new_bfqq;
+	/*
+	 * The above assignment schedules the following redirections:
+	 * each time some I/O for bfqq arrives, the process that
+	 * generated that I/O is disassociated from bfqq and
+	 * associated with new_bfqq. Here we increases new_bfqq->ref
+	 * in advance, adding the number of processes that are
+	 * expected to be associated with new_bfqq as they happen to
+	 * issue I/O.
+	 */
 	new_bfqq->ref += process_refs;
 	return new_bfqq;
 }
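
Review bot: The new comment in bfq_setup_merge() has a grammar slip ("Here we increases" should be "Here we increase"), and it documents only half of the reference accounting. It says new_bfqq->ref is raised "in advance" for processes that are "expected" to be associated with new_bfqq, but not where those references are released if such a process never issues further I/O. Since the commit message ties this change to a use-after-free, please name the function that drops the pre-taken references so the lifetime rule can be checked from the comment alone.
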
@@ -2214,6 +2223,10 @@ bfq_setup_cooperator(struct bfq_data *bfqd, struct bfq_queue *bfqq,
 {
 	struct bfq_queue *in_service_bfqq, *new_bfqq;
 
+	/* if a merge has already been setup, then proceed with that first */
+	if (bfqq->new_bfqq)
+		return bfqq->new_bfqq;
+
 	/*
 	 * Prevent bfqq from being merged if it has been created too
 	 * long ago. The idea is that true cooperating processes, and
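
Review bot: The early "return bfqq->new_bfqq;" at the top of bfq_setup_cooperator() now runs before every other check in the function, including bfq_too_late_for_merging(bfqq) and the "!io_struct || unlikely(bfqq == &bfqd->oom_bfqq)" test that previously ran first or could short-circuit it. The one-line comment says what is done but not why a previously scheduled merge may skip those checks, or what guarantees that the stored new_bfqq pointer is still valid when it is returned. Please extend the comment with that invariant. Minor wording: "setup" as a verb should be "set up".
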
@@ -2228,9 +2241,6 @@ bfq_setup_cooperator(struct bfq_data *bfqd, struct bfq_queue *bfqq,
 	if (bfq_too_late_for_merging(bfqq))
 		return NULL;
 
-	if (bfqq->new_bfqq)
-		return bfqq->new_bfqq;
-
 	if (!io_struct || unlikely(bfqq == &bfqd->oom_bfqq))
 		return NULL;
 
-- 
2.34.1


Thread overview: 13+ messages
2022-03-28 11:24 [PATCH AUTOSEL 4.19 01/12] selinux: use correct type for context length Sasha Levin
2022-03-28 11:24 ` [PATCH AUTOSEL 4.19 02/12] loop: use sysfs_emit() in the sysfs xxx show() Sasha Levin
2022-03-28 11:44   ` Joe Perches
2022-03-28 11:24 ` [PATCH AUTOSEL 4.19 03/12] Fix incorrect type in assignment of ipv6 port for audit Sasha Levin
2022-03-28 11:24 ` [PATCH AUTOSEL 4.19 04/12] irqchip/qcom-pdc: Fix broken locking Sasha Levin
2022-03-28 11:24 ` [PATCH AUTOSEL 4.19 05/12] irqchip/nvic: Release nvic_base upon failure Sasha Levin
2022-03-28 11:24 ` [PATCH AUTOSEL 4.19 06/12] bfq: fix use-after-free in bfq_dispatch_request Sasha Levin
2022-03-28 11:24 ` [PATCH AUTOSEL 4.19 07/12] ACPICA: Avoid walking the ACPI Namespace if it is not there Sasha Levin
2022-03-28 11:24 ` [PATCH AUTOSEL 4.19 08/12] lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3 Sasha Levin
2022-03-28 11:24 ` Sasha Levin [this message]
2022-03-28 11:24 ` [PATCH AUTOSEL 4.19 10/12] ACPI/APEI: Limit printable size of BERT table data Sasha Levin
2022-03-28 11:24 ` [PATCH AUTOSEL 4.19 11/12] PM: core: keep irq flags in device_pm_check_callbacks() Sasha Levin
2022-03-28 11:24 ` [PATCH AUTOSEL 4.19 12/12] spi: tegra20: Use of_device_get_match_data() Sasha Levin
