Commit 16f3a871c431a52d1461e88cf3c0d2e828366930
Committed by
Greg Kroah-Hartman
Greg Kroah-Hartman
1 parent
eec188a371
Exists in
smarc-ti-linux-3.14.y
and in
1 other branch
cfq-iosched: handle failure of cfq group allocation
commit 69abaffec7d47a083739b79e3066cb3730eba72e upstream. Cfq_lookup_create_cfqg() allocates struct blkcg_gq using GFP_ATOMIC. In cfq_find_alloc_queue() possible allocation failure is not handled. As a result kernel oopses on NULL pointer dereference when cfq_link_cfqq_cfqg() calls cfqg_get() for NULL pointer. Bug was introduced in v3.5 in commit cd1604fab4f9 ("blkcg: factor out blkio_group creation"). Prior to that commit cfq group lookup had returned pointer to root group as fallback. This patch handles this error using existing fallback oom_cfqq. Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> Acked-by: Tejun Heo <tj@kernel.org> Acked-by: Vivek Goyal <vgoyal@redhat.com> Fixes: cd1604fab4f9 ("blkcg: factor out blkio_group creation") Signed-off-by: Jens Axboe <axboe@fb.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Showing 1 changed file with 6 additions and 1 deletions Side-by-side Diff
block/cfq-iosched.c
| ... | ... | @@ -3585,6 +3585,11 @@ |
| 3585 | 3585 | |
| 3586 | 3586 | blkcg = bio_blkcg(bio); |
| 3587 | 3587 | cfqg = cfq_lookup_create_cfqg(cfqd, blkcg); |
| 3588 | + if (!cfqg) { | |
| 3589 | + cfqq = &cfqd->oom_cfqq; | |
| 3590 | + goto out; | |
| 3591 | + } | |
| 3592 | + | |
| 3588 | 3593 | cfqq = cic_to_cfqq(cic, is_sync); |
| 3589 | 3594 | |
| 3590 | 3595 | /* |
| ... | ... | @@ -3621,7 +3626,7 @@ |
| 3621 | 3626 | } else |
| 3622 | 3627 | cfqq = &cfqd->oom_cfqq; |
| 3623 | 3628 | } |
| 3624 | - | |
| 3629 | +out: | |
| 3625 | 3630 | if (new_cfqq) |
| 3626 | 3631 | kmem_cache_free(cfq_pool, new_cfqq); |
| 3627 | 3632 |