mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-01 10:45:49 +00:00
elevator: Fix a race in elevator switching
There's a race between elevator switching and normal io operation. Because the allocation of struct elevator_queue and struct elevator_data don't in a atomic operation.So there are have chance to use NULL ->elevator_data. For example: Thread A: Thread B blk_queu_bio elevator_switch spin_lock_irq(q->queue_block) elevator_alloc elv_merge elevator_init_fn Because call elevator_alloc, it can't hold queue_lock and the ->elevator_data is NULL.So at the same time, threadA call elv_merge and nedd some info of elevator_data.So the crash happened. Move the elevator_alloc into func elevator_init_fn, it make the operations in a atomic operation. Using the follow method can easy reproduce this bug 1:dd if=/dev/sdb of=/dev/null 2:while true;do echo noop > scheduler;echo deadline > scheduler;done The test method also use this method. Signed-off-by: Jianpeng Ma <majianpeng@gmail.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>
This commit is contained in:
parent
a6b3f7614c
commit
d50235b7bc
@ -4347,18 +4347,28 @@ static void cfq_exit_queue(struct elevator_queue *e)
|
|||||||
kfree(cfqd);
|
kfree(cfqd);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int cfq_init_queue(struct request_queue *q)
|
static int cfq_init_queue(struct request_queue *q, struct elevator_type *e)
|
||||||
{
|
{
|
||||||
struct cfq_data *cfqd;
|
struct cfq_data *cfqd;
|
||||||
struct blkcg_gq *blkg __maybe_unused;
|
struct blkcg_gq *blkg __maybe_unused;
|
||||||
int i, ret;
|
int i, ret;
|
||||||
|
struct elevator_queue *eq;
|
||||||
|
|
||||||
cfqd = kmalloc_node(sizeof(*cfqd), GFP_KERNEL | __GFP_ZERO, q->node);
|
eq = elevator_alloc(q, e);
|
||||||
if (!cfqd)
|
if (!eq)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
|
cfqd = kmalloc_node(sizeof(*cfqd), GFP_KERNEL | __GFP_ZERO, q->node);
|
||||||
|
if (!cfqd) {
|
||||||
|
kobject_put(&eq->kobj);
|
||||||
|
return -ENOMEM;
|
||||||
|
}
|
||||||
|
eq->elevator_data = cfqd;
|
||||||
|
|
||||||
cfqd->queue = q;
|
cfqd->queue = q;
|
||||||
q->elevator->elevator_data = cfqd;
|
spin_lock_irq(q->queue_lock);
|
||||||
|
q->elevator = eq;
|
||||||
|
spin_unlock_irq(q->queue_lock);
|
||||||
|
|
||||||
/* Init root service tree */
|
/* Init root service tree */
|
||||||
cfqd->grp_service_tree = CFQ_RB_ROOT;
|
cfqd->grp_service_tree = CFQ_RB_ROOT;
|
||||||
@ -4433,6 +4443,7 @@ static int cfq_init_queue(struct request_queue *q)
|
|||||||
|
|
||||||
out_free:
|
out_free:
|
||||||
kfree(cfqd);
|
kfree(cfqd);
|
||||||
|
kobject_put(&eq->kobj);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -337,13 +337,21 @@ static void deadline_exit_queue(struct elevator_queue *e)
|
|||||||
/*
|
/*
|
||||||
* initialize elevator private data (deadline_data).
|
* initialize elevator private data (deadline_data).
|
||||||
*/
|
*/
|
||||||
static int deadline_init_queue(struct request_queue *q)
|
static int deadline_init_queue(struct request_queue *q, struct elevator_type *e)
|
||||||
{
|
{
|
||||||
struct deadline_data *dd;
|
struct deadline_data *dd;
|
||||||
|
struct elevator_queue *eq;
|
||||||
|
|
||||||
|
eq = elevator_alloc(q, e);
|
||||||
|
if (!eq)
|
||||||
|
return -ENOMEM;
|
||||||
|
|
||||||
dd = kmalloc_node(sizeof(*dd), GFP_KERNEL | __GFP_ZERO, q->node);
|
dd = kmalloc_node(sizeof(*dd), GFP_KERNEL | __GFP_ZERO, q->node);
|
||||||
if (!dd)
|
if (!dd) {
|
||||||
|
kobject_put(&eq->kobj);
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
}
|
||||||
|
eq->elevator_data = dd;
|
||||||
|
|
||||||
INIT_LIST_HEAD(&dd->fifo_list[READ]);
|
INIT_LIST_HEAD(&dd->fifo_list[READ]);
|
||||||
INIT_LIST_HEAD(&dd->fifo_list[WRITE]);
|
INIT_LIST_HEAD(&dd->fifo_list[WRITE]);
|
||||||
@ -355,7 +363,9 @@ static int deadline_init_queue(struct request_queue *q)
|
|||||||
dd->front_merges = 1;
|
dd->front_merges = 1;
|
||||||
dd->fifo_batch = fifo_batch;
|
dd->fifo_batch = fifo_batch;
|
||||||
|
|
||||||
q->elevator->elevator_data = dd;
|
spin_lock_irq(q->queue_lock);
|
||||||
|
q->elevator = eq;
|
||||||
|
spin_unlock_irq(q->queue_lock);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -150,7 +150,7 @@ void __init load_default_elevator_module(void)
|
|||||||
|
|
||||||
static struct kobj_type elv_ktype;
|
static struct kobj_type elv_ktype;
|
||||||
|
|
||||||
static struct elevator_queue *elevator_alloc(struct request_queue *q,
|
struct elevator_queue *elevator_alloc(struct request_queue *q,
|
||||||
struct elevator_type *e)
|
struct elevator_type *e)
|
||||||
{
|
{
|
||||||
struct elevator_queue *eq;
|
struct elevator_queue *eq;
|
||||||
@ -170,6 +170,7 @@ static struct elevator_queue *elevator_alloc(struct request_queue *q,
|
|||||||
elevator_put(e);
|
elevator_put(e);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
EXPORT_SYMBOL(elevator_alloc);
|
||||||
|
|
||||||
static void elevator_release(struct kobject *kobj)
|
static void elevator_release(struct kobject *kobj)
|
||||||
{
|
{
|
||||||
@ -221,16 +222,7 @@ int elevator_init(struct request_queue *q, char *name)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
q->elevator = elevator_alloc(q, e);
|
err = e->ops.elevator_init_fn(q, e);
|
||||||
if (!q->elevator)
|
|
||||||
return -ENOMEM;
|
|
||||||
|
|
||||||
err = e->ops.elevator_init_fn(q);
|
|
||||||
if (err) {
|
|
||||||
kobject_put(&q->elevator->kobj);
|
|
||||||
return err;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(elevator_init);
|
EXPORT_SYMBOL(elevator_init);
|
||||||
@ -935,17 +927,10 @@ static int elevator_switch(struct request_queue *q, struct elevator_type *new_e)
|
|||||||
spin_unlock_irq(q->queue_lock);
|
spin_unlock_irq(q->queue_lock);
|
||||||
|
|
||||||
/* allocate, init and register new elevator */
|
/* allocate, init and register new elevator */
|
||||||
err = -ENOMEM;
|
err = new_e->ops.elevator_init_fn(q, new_e);
|
||||||
q->elevator = elevator_alloc(q, new_e);
|
if (err)
|
||||||
if (!q->elevator)
|
|
||||||
goto fail_init;
|
goto fail_init;
|
||||||
|
|
||||||
err = new_e->ops.elevator_init_fn(q);
|
|
||||||
if (err) {
|
|
||||||
kobject_put(&q->elevator->kobj);
|
|
||||||
goto fail_init;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (registered) {
|
if (registered) {
|
||||||
err = elv_register_queue(q);
|
err = elv_register_queue(q);
|
||||||
if (err)
|
if (err)
|
||||||
|
@ -59,16 +59,27 @@ noop_latter_request(struct request_queue *q, struct request *rq)
|
|||||||
return list_entry(rq->queuelist.next, struct request, queuelist);
|
return list_entry(rq->queuelist.next, struct request, queuelist);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int noop_init_queue(struct request_queue *q)
|
static int noop_init_queue(struct request_queue *q, struct elevator_type *e)
|
||||||
{
|
{
|
||||||
struct noop_data *nd;
|
struct noop_data *nd;
|
||||||
|
struct elevator_queue *eq;
|
||||||
|
|
||||||
nd = kmalloc_node(sizeof(*nd), GFP_KERNEL, q->node);
|
eq = elevator_alloc(q, e);
|
||||||
if (!nd)
|
if (!eq)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
|
nd = kmalloc_node(sizeof(*nd), GFP_KERNEL, q->node);
|
||||||
|
if (!nd) {
|
||||||
|
kobject_put(&eq->kobj);
|
||||||
|
return -ENOMEM;
|
||||||
|
}
|
||||||
|
eq->elevator_data = nd;
|
||||||
|
|
||||||
INIT_LIST_HEAD(&nd->queue);
|
INIT_LIST_HEAD(&nd->queue);
|
||||||
q->elevator->elevator_data = nd;
|
|
||||||
|
spin_lock_irq(q->queue_lock);
|
||||||
|
q->elevator = eq;
|
||||||
|
spin_unlock_irq(q->queue_lock);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -7,6 +7,7 @@
|
|||||||
#ifdef CONFIG_BLOCK
|
#ifdef CONFIG_BLOCK
|
||||||
|
|
||||||
struct io_cq;
|
struct io_cq;
|
||||||
|
struct elevator_type;
|
||||||
|
|
||||||
typedef int (elevator_merge_fn) (struct request_queue *, struct request **,
|
typedef int (elevator_merge_fn) (struct request_queue *, struct request **,
|
||||||
struct bio *);
|
struct bio *);
|
||||||
@ -35,7 +36,8 @@ typedef void (elevator_put_req_fn) (struct request *);
|
|||||||
typedef void (elevator_activate_req_fn) (struct request_queue *, struct request *);
|
typedef void (elevator_activate_req_fn) (struct request_queue *, struct request *);
|
||||||
typedef void (elevator_deactivate_req_fn) (struct request_queue *, struct request *);
|
typedef void (elevator_deactivate_req_fn) (struct request_queue *, struct request *);
|
||||||
|
|
||||||
typedef int (elevator_init_fn) (struct request_queue *);
|
typedef int (elevator_init_fn) (struct request_queue *,
|
||||||
|
struct elevator_type *e);
|
||||||
typedef void (elevator_exit_fn) (struct elevator_queue *);
|
typedef void (elevator_exit_fn) (struct elevator_queue *);
|
||||||
|
|
||||||
struct elevator_ops
|
struct elevator_ops
|
||||||
@ -155,6 +157,8 @@ extern int elevator_init(struct request_queue *, char *);
|
|||||||
extern void elevator_exit(struct elevator_queue *);
|
extern void elevator_exit(struct elevator_queue *);
|
||||||
extern int elevator_change(struct request_queue *, const char *);
|
extern int elevator_change(struct request_queue *, const char *);
|
||||||
extern bool elv_rq_merge_ok(struct request *, struct bio *);
|
extern bool elv_rq_merge_ok(struct request *, struct bio *);
|
||||||
|
extern struct elevator_queue *elevator_alloc(struct request_queue *,
|
||||||
|
struct elevator_type *);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Helper functions.
|
* Helper functions.
|
||||||
|
Loading…
Reference in New Issue
Block a user