Patch "blkmq: Fix NULL pointer deref when all reserved tags in" has been added to the 3.19-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    blkmq: Fix NULL pointer deref when all reserved tags in

to the 3.19-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     blkmq-fix-null-pointer-deref-when-all-reserved-tags-in.patch
and it can be found in the queue-3.19 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From bc188d818edf325ae38cfa43254a0b10a4defd65 Mon Sep 17 00:00:00 2001
From: Sam Bradshaw <sbradshaw@xxxxxxxxxx>
Date: Wed, 18 Mar 2015 17:06:18 -0600
Subject: blkmq: Fix NULL pointer deref when all reserved tags in

From: Sam Bradshaw <sbradshaw@xxxxxxxxxx>

commit bc188d818edf325ae38cfa43254a0b10a4defd65 upstream.

When allocating from the reserved tags pool, bt_get() is called with
a NULL hctx.  If all tags are in use, the hw queue is kicked to push
out any pending IO, potentially freeing tags, and tag allocation is
retried.  The problem is that blk_mq_run_hw_queue() doesn't check for
a NULL hctx.  So we avoid it with a simple NULL hctx test.

Tested by hammering mtip32xx with concurrent smartctl/hdparm.

Signed-off-by: Sam Bradshaw <sbradshaw@xxxxxxxxxx>
Signed-off-by: Selvan Mani <smani@xxxxxxxxxx>
Fixes: b32232073e80 ("blk-mq: fix hang in bt_get()")
Added appropriate comment.
Signed-off-by: Jens Axboe <axboe@xxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 block/blk-mq-tag.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/block/blk-mq-tag.c
+++ b/block/blk-mq-tag.c
@@ -265,9 +265,11 @@ static int bt_get(struct blk_mq_alloc_da
 		/*
 		 * We're out of tags on this hardware queue, kick any
 		 * pending IO submits before going to sleep waiting for
-		 * some to complete.
+		 * some to complete. Note that hctx can be NULL here for
+		 * reserved tag allocation.
 		 */
-		blk_mq_run_hw_queue(hctx, false);
+		if (hctx)
+			blk_mq_run_hw_queue(hctx, false);
 
 		/*
 		 * Retry tag allocation after running the hardware queue,


Patches currently in stable-queue which might be from sbradshaw@xxxxxxxxxx are

queue-3.19/blkmq-fix-null-pointer-deref-when-all-reserved-tags-in.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]