* [PATCH] cfq-iosched: handle failure of cfq group allocation
@ 2015-02-09 13:42 Konstantin Khlebnikov
From: Konstantin Khlebnikov @ 2015-02-09 13:42 UTC (permalink / raw)
To: Jens Axboe, linux-kernel; +Cc: Tejun Heo, Vivek Goyal, stable

Cfq_lookup_create_cfqg() allocates struct blkcg_gq using GFP_ATOMIC.
In cfq_find_alloc_queue() possible allocation failure is not handled.
As a result kernel oopses on NULL pointer dereference when
cfq_link_cfqq_cfqg() calls cfqg_get() for NULL pointer.

Bug was introduced in v3.5 in commit cd1604fab4f9 ("blkcg: factor
out blkio_group creation"). Prior to that commit cfq group lookup
had returned pointer to root group as fallback.

This patch handles this error using existing fallback oom_cfqq.

Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
---
block/cfq-iosched.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c
index 6f2751d..01898a4 100644
--- a/block/cfq-iosched.c
+++ b/block/cfq-iosched.c
@@ -3590,6 +3590,11 @@ retry:
blkcg = bio_blkcg(bio);
cfqg = cfq_lookup_create_cfqg(cfqd, blkcg);
+ if (!cfqg) {
+ cfqq = &cfqd->oom_cfqq;
+ goto out;
+ }
+
cfqq = cic_to_cfqq(cic, is_sync);
/*
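Review bot: the new `if (!cfqg)` branch falls back to `&cfqd->oom_cfqq` silently and carries no comment saying why. A short comment above the check would help, noting that cfq_lookup_create_cfqg() can return NULL and that the request is then served from the shared fallback queue instead of a queue linked to its own group. Because the check sits after the `retry:` label it also runs on a repeated pass; the `goto out` lands ahead of the `if (new_cfqq)` cleanup shown in the next hunk, so a preallocated queue is still freed on this path.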
@@ -3626,7 +3631,7 @@ retry:
} else
cfqq = &cfqd->oom_cfqq;
}
-
+out:
if (new_cfqq)
kmem_cache_free(cfq_pool, new_cfqq);
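Review bot: style point on the `out:` label: the patch replaces the blank line after the closing `}` with the label, so the label now sits directly against the preceding block. Keeping the blank line and putting `out:` on its own line below it would read more cleanly. The placement itself is right: the label comes before `if (new_cfqq)`, so the early exit added in the first hunk passes through `kmem_cache_free(cfq_pool, new_cfqq)` instead of skipping it.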
* Re: [PATCH] cfq-iosched: handle failure of cfq group allocation
From: Tejun Heo @ 2015-02-09 13:45 UTC (permalink / raw)
To: Konstantin Khlebnikov; +Cc: Jens Axboe, linux-kernel, Vivek Goyal, stable
On Mon, Feb 09, 2015 at 04:42:49PM +0300, Konstantin Khlebnikov wrote:
> Cfq_lookup_create_cfqg() allocates struct blkcg_gq using GFP_ATOMIC.
> In cfq_find_alloc_queue() possible allocation failure is not handled.
> As a result kernel oopses on NULL pointer dereference when
> cfq_link_cfqq_cfqg() calls cfqg_get() for NULL pointer.
>
> Bug was introduced in v3.5 in commit cd1604fab4f9 ("blkcg: factor
> out blkio_group creation"). Prior to that commit cfq group lookup
> had returned pointer to root group as fallback.
>
> This patch handles this error using existing fallback oom_cfqq.
>
> Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Oops,
Acked-by: Tejun Heo <tj@kernel.org>
Thanks.
--
tejun
* Re: [PATCH] cfq-iosched: handle failure of cfq group allocation
From: Vivek Goyal @ 2015-02-09 14:06 UTC (permalink / raw)
To: Konstantin Khlebnikov; +Cc: Jens Axboe, linux-kernel, Tejun Heo, stable
On Mon, Feb 09, 2015 at 04:42:49PM +0300, Konstantin Khlebnikov wrote:
> Cfq_lookup_create_cfqg() allocates struct blkcg_gq using GFP_ATOMIC.
> In cfq_find_alloc_queue() possible allocation failure is not handled.
> As a result kernel oopses on NULL pointer dereference when
> cfq_link_cfqq_cfqg() calls cfqg_get() for NULL pointer.
>
> Bug was introduced in v3.5 in commit cd1604fab4f9 ("blkcg: factor
> out blkio_group creation"). Prior to that commit cfq group lookup
> had returned pointer to root group as fallback.
>
> This patch handles this error using existing fallback oom_cfqq.
>
> Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
> ---
> block/cfq-iosched.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
Looks good to me. Thanks for the patch.
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Vivek
>
> diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c
> index 6f2751d..01898a4 100644
> --- a/block/cfq-iosched.c
> +++ b/block/cfq-iosched.c
> @@ -3590,6 +3590,11 @@ retry:
>
> blkcg = bio_blkcg(bio);
> cfqg = cfq_lookup_create_cfqg(cfqd, blkcg);
> + if (!cfqg) {
> + cfqq = &cfqd->oom_cfqq;
> + goto out;
> + }
> +
> cfqq = cic_to_cfqq(cic, is_sync);
>
> /*
> @@ -3626,7 +3631,7 @@ retry:
> } else
> cfqq = &cfqd->oom_cfqq;
> }
> -
> +out:
> if (new_cfqq)
> kmem_cache_free(cfq_pool, new_cfqq);
>
* Re: [PATCH] cfq-iosched: handle failure of cfq group allocation
From: Jens Axboe @ 2015-02-09 17:22 UTC (permalink / raw)
To: Konstantin Khlebnikov, linux-kernel; +Cc: Tejun Heo, Vivek Goyal, stable
On 02/09/2015 06:42 AM, Konstantin Khlebnikov wrote:
> Cfq_lookup_create_cfqg() allocates struct blkcg_gq using GFP_ATOMIC.
> In cfq_find_alloc_queue() possible allocation failure is not handled.
> As a result kernel oopses on NULL pointer dereference when
> cfq_link_cfqq_cfqg() calls cfqg_get() for NULL pointer.
>
> Bug was introduced in v3.5 in commit cd1604fab4f9 ("blkcg: factor
> out blkio_group creation"). Prior to that commit cfq group lookup
> had returned pointer to root group as fallback.
>
> This patch handles this error using existing fallback oom_cfqq.
Thanks, added and marked for stable as well.
--
Jens Axboe