diff options
| author | Sam Bradshaw <sbradshaw@micron.com> | 2015-03-18 17:06:18 -0600 |
|---|---|---|
| committer | Jens Axboe <axboe@fb.com> | 2015-03-30 12:54:58 -0600 |
| commit | 343a6c212de4e0b445d8b3b7882066d2f5e37135 (patch) | |
| tree | 1f05fc38f2a8ea81448f34c87fd8f8ed8a9c48df | |
| parent | 9dc7acf1f18942fef5d12bc4a2fd52913a86ec2d (diff) | |
| download | linux-block-v3.10-blk-mq.tar.gz | |
blkmq: Fix NULL pointer deref when all reserved tags inv3.10-blk-mq
When allocating from the reserved tags pool, bt_get() is called with
a NULL hctx. If all tags are in use, the hw queue is kicked to push
out any pending IO, potentially freeing tags, and tag allocation is
retried. The problem is that blk_mq_run_hw_queue() doesn't check for
a NULL hctx. So we avoid it with a simple NULL hctx test.
Tested by hammering mtip32xx with concurrent smartctl/hdparm.
Signed-off-by: Sam Bradshaw <sbradshaw@micron.com>
Signed-off-by: Selvan Mani <smani@micron.com>
Fixes: b32232073e80 ("blk-mq: fix hang in bt_get()")
Cc: stable@kernel.org
Added appropriate comment.
Signed-off-by: Jens Axboe <axboe@fb.com>
| -rw-r--r-- | block/blk-mq-tag.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/block/blk-mq-tag.c b/block/blk-mq-tag.c index 7affdec6dbf6c0..dd11dc80fe25b4 100644 --- a/block/blk-mq-tag.c +++ b/block/blk-mq-tag.c @@ -274,9 +274,11 @@ static int bt_get(struct blk_mq_alloc_data *data, /* * We're out of tags on this hardware queue, kick any * pending IO submits before going to sleep waiting for - * some to complete. + * some to complete. Note that hctx can be NULL here for + * reserved tag allocation. */ - blk_mq_run_hw_queue(hctx, false); + if (hctx) + blk_mq_run_hw_queue(hctx, false); /* * Retry tag allocation after running the hardware queue, |