From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752526AbbCRXDo (ORCPT ); Wed, 18 Mar 2015 19:03:44 -0400
Received: from mailout.micron.com ([137.201.242.129]:39702 "EHLO mailout.micron.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751074AbbCRXDj (ORCPT ); Wed, 18 Mar 2015 19:03:39 -0400
Message-ID: <550A052F.6020601@micron.com>
Date: Wed, 18 Mar 2015 16:07:27 -0700
From: Sam Bradshaw
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.23) Gecko/20110928 Red Hat/3.1.15-1.el6_1 Thunderbird/3.1.15
MIME-Version: 1.0
To: Jens Axboe
CC:
Subject: [PATCH v2] blkmq: Fix NULL pointer deref when all reserved tags in use
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-TM-AS-Product-Ver: SMEX-10.0.0.4152-7.000.1014-21408.003
X-TM-AS-Result: No--11.816100-0.000000-31
X-TM-AS-User-Approved-Sender: Yes
X-TM-AS-User-Blocked-Sender: No
X-MT-CheckInternalSenderRule: True
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

When allocating from the reserved tags pool, bt_get() is called with
a NULL hctx. If all tags are in use, the hw queue is kicked to push
out any pending IO, potentially freeing tags, and tag allocation is
retried. The problem is that blk_mq_run_hw_queue() doesn't check for
a NULL hctx. So we avoid it with a simple NULL hctx test.

This issue was introduced by:

b32232073e80: blk-mq: fix hang in bt_get()

Tested by hammering mtip32xx with concurrent smartctl/hdparm.

Signed-off-by: Sam Bradshaw
Signed-off-by: Selvan Mani
--- diff --git a/block/blk-mq-tag.c b/block/blk-mq-tag.c index d53a764..9d7dd64 100644 --- a/block/blk-mq-tag.c +++ b/block/blk-mq-tag.c 
@@ -280,7 +280,8 @@ static int bt_get(struct blk_mq_alloc_data *data, * pending IO submits before going to sleep waiting for * some to complete. */ - blk_mq_run_hw_queue(hctx, false); + if (hctx) + blk_mq_run_hw_queue(hctx, false); /* * Retry tag allocation after running the hardware queue,
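
Review bot: The new `if (hctx)` guard in front of blk_mq_run_hw_queue() in bt_get() carries no comment saying when hctx is NULL, and the comment block directly above it still reads as if the queue is always run. Per the commit message, a NULL hctx means a reserved-tag allocation; one line in that comment saying so would keep a later cleanup from dropping the check as redundant. On that path the retry now happens without any queue kick, so the following comment, "Retry tag allocation after running the hardware queue", is no longer accurate for reserved tags and could be reworded. The check also sits only at this call site, so blk_mq_run_hw_queue() itself still has no NULL test if another caller passes a NULL hctx.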