From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932595AbbBIOG3 (ORCPT <rfc822;w@1wt.eu>);
	Mon, 9 Feb 2015 09:06:29 -0500
Received: from mx1.redhat.com ([209.132.183.28]:51087 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S932327AbbBIOG1 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Mon, 9 Feb 2015 09:06:27 -0500
Date: Mon, 9 Feb 2015 09:06:18 -0500
From: Vivek Goyal <vgoyal@redhat.com>
To: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Cc: Jens Axboe <axboe@kernel.dk>, linux-kernel@vger.kernel.org,
        Tejun Heo <tj@kernel.org>, stable@vger.kernel.org
Subject: Re: [PATCH] cfq-iosched: handle failure of cfq group allocation
Message-ID: <20150209140618.GA15450@redhat.com>
References: <20150209134249.12420.97482.stgit@buzz>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20150209134249.12420.97482.stgit@buzz>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Feb 09, 2015 at 04:42:49PM +0300, Konstantin Khlebnikov wrote:
> Cfq_lookup_create_cfqg() allocates struct blkcg_gq using GFP_ATOMIC.
> In cfq_find_alloc_queue() possible allocation failure is not handled.
> As a result kernel oopses on NULL pointer dereference when
> cfq_link_cfqq_cfqg() calls cfqg_get() for NULL pointer.
> 
> Bug was introduced in v3.5 in commit cd1604fab4f9 ("blkcg: factor
> out blkio_group creation"). Prior to that commit cfq group lookup
> had returned pointer to root group as fallback.
> 
> This patch handles this error using existing fallback oom_cfqq.
> 
> Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
> ---
>  block/cfq-iosched.c |    7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)

Looks good to me. Thanks for the patch.

Acked-by: Vivek Goyal <vgoyal@redhat.com>

Vivek

> 
> diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c
> index 6f2751d..01898a4 100644
> --- a/block/cfq-iosched.c
> +++ b/block/cfq-iosched.c
> @@ -3590,6 +3590,11 @@ retry:
>  
>  	blkcg = bio_blkcg(bio);
>  	cfqg = cfq_lookup_create_cfqg(cfqd, blkcg);
> +	if (!cfqg) {
> +		cfqq = &cfqd->oom_cfqq;
> +		goto out;
> +	}
> +
>  	cfqq = cic_to_cfqq(cic, is_sync);
>  
>  	/*
> @@ -3626,7 +3631,7 @@ retry:
>  		} else
>  			cfqq = &cfqd->oom_cfqq;
>  	}
> -
> +out:
>  	if (new_cfqq)
>  		kmem_cache_free(cfq_pool, new_cfqq);
>