On 10/15/19 10:03 AM, Tejun Heo wrote:
> blkcg_activate_policy() has the following bugs.
>
> * cf09a8ee19ad ("blkcg: pass @q and @blkcg into
>   blkcg_pol_alloc_pd_fn()") added @blkcg to ->pd_alloc_fn(); however,
>   blkcg_activate_policy() ends up using pd's allocated for the root
>   blkcg for all preallocations, so ->pd_init_fn() for non-root blkcgs
>   can be passed in pd's which are allocated for the root blkcg.
>
>   For blk-iocost, this means that ->pd_init_fn() can write beyond the
>   end of the allocated object as it determines the length of the flex
>   array at the end based on the blkcg's nesting level.
>
> * Each pd is initialized as they get allocated. If alloc fails, the
>   policy will get freed with pd's initialized on it.
>
> * After the above partial failure, the partial pds are not freed.
>
> This patch fixes all the above issues by
>
> * Restructuring blkcg_activate_policy() so that alloc and init passes
>   are separate. Init takes place only after all allocs succeeded and
>   on failure all allocated pds are freed.
>
> * Unifying and fixing the cleanup of the remaining pd_prealloc.

Great thanks, applied.

-- 
Jens Axboe
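The two activation shapes the commit message contrasts, as an added user-space model that is not kernel code and not part of this thread. struct cgrp, struct pd, pd_alloc()/pd_init(), the activate_*() functions and the fail_at/live_pds knobs are stand-ins for blkcg, blkg_policy_data, ->pd_alloc_fn()/->pd_init_fn() and blkcg_activate_policy(); the flex array sized by nesting level mirrors the blk-iocost case. Rather than really overrun a too-small object, pd_init() refuses and reports it, so the "pd allocated for root handed to a deeper cgroup" problem shows up as a count instead of memory corruption.

```c
/* User-space model of alloc/init ordering in a blkcg-style policy activation.
 * Assumed names only: not kernel code. */
#include <stdio.h>
#include <stdlib.h>

struct cgrp {
	int level;		/* nesting depth, root is 0 */
};

struct pd {
	int level;		/* level this object was sized for */
	int ninit;		/* entries written by pd_init() */
	unsigned long walk[];	/* flex array: one slot per level up to root */
};

/* Test knobs: fail the fail_at-th allocation (0-based), count live objects. */
static int fail_at = -1, alloc_count, live_pds;

static void reset_alloc_knobs(int fail_nth)
{
	fail_at = fail_nth;
	alloc_count = 0;
}

static int live_pd_count(void)
{
	return live_pds;
}

/* Sized for the cgroup it belongs to; this is why the alloc hook needs the cgroup. */
static struct pd *pd_alloc(const struct cgrp *cg)
{
	size_t n = (size_t)cg->level + 1;
	struct pd *pd;

	if (fail_at >= 0 && alloc_count++ == fail_at)
		return NULL;
	pd = calloc(1, sizeof(*pd) + n * sizeof(pd->walk[0]));
	if (!pd)
		return NULL;
	pd->level = cg->level;
	live_pds++;
	return pd;
}

static void pd_free(struct pd *pd)
{
	if (pd) {
		live_pds--;
		free(pd);
	}
}

/* Fills walk[0..level] from the cgroup's nesting level. A pd sized for a
 * shallower cgroup would be overrun; refuse with -1 instead of writing. */
static int pd_init(struct pd *pd, const struct cgrp *cg)
{
	int i;

	if (pd->level < cg->level)
		return -1;
	for (i = 0; i <= cg->level; i++)
		pd->walk[i] = 1;
	pd->ninit = cg->level + 1;
	return 0;
}

/* Old shape: one prealloc made for the root cgroup (cgs[0]) is handed to every
 * init. Returns how many inits would have written past the object. */
static int activate_single_prealloc(const struct cgrp *cgs, int n)
{
	struct pd *prealloc = pd_alloc(&cgs[0]);
	int i, overflows = 0;

	if (!prealloc)
		return -1;
	for (i = 0; i < n; i++)
		if (pd_init(prealloc, &cgs[i]) < 0)
			overflows++;
	pd_free(prealloc);
	return overflows;
}

/* Fixed shape: alloc pass sized per cgroup, init pass only once every alloc
 * succeeded, everything allocated so far freed on failure. Returns 0 on
 * success, -1 on alloc failure; pds[] gets the objects (NULL after failure). */
static int activate_two_pass(const struct cgrp *cgs, int n, struct pd **pds)
{
	int i, ret = -1;

	for (i = 0; i < n; i++) {
		pds[i] = pd_alloc(&cgs[i]);
		if (!pds[i])
			goto out_free;	/* frees pds[0..i-1] only */
	}
	ret = 0;
	for (i = 0; i < n; i++)
		if (pd_init(pds[i], &cgs[i]) < 0)
			ret = -2;	/* cannot happen: each pd sized for its cgroup */
	if (!ret)
		return 0;
out_free:
	while (i-- > 0) {
		pd_free(pds[i]);
		pds[i] = NULL;
	}
	return ret;
}

int main(void)
{
	struct cgrp cgs[3] = { { 0 }, { 1 }, { 2 } };	/* root, child, grandchild */
	struct pd *pds[3];
	int i, ret;

	reset_alloc_knobs(-1);
	printf("single prealloc: %d inits would overflow\n", activate_single_prealloc(cgs, 3));
	printf("two pass: ret=%d\n", activate_two_pass(cgs, 3, pds));
	for (i = 0; i < 3; i++)
		pd_free(pds[i]);
	reset_alloc_knobs(1);	/* make the second alloc fail */
	ret = activate_two_pass(cgs, 3, pds);
	printf("two pass, alloc #2 fails: ret=%d live=%d\n", ret, live_pd_count());
	return 0;
}
```

With a three-level hierarchy the single-prealloc shape reports two inits that would have overrun the root-sized object, and the two-pass shape with the second allocation failing returns -1 with no live pd left, which is the partial-failure cleanup the commit message adds.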