Ming Lei <[email protected]> writes: > blk_mq_alloc_request_pinned() may return NULL request in case of > !__GFP_WAIT, so cause its callers to derefence NULL pointer for > releasing current context. > > This patch introduces two flags to address the issue.
Hi, Ming, Good catch, but your patch seems overly complicated. How about something like the following (compile-tested only), instead? Note that I did not touch blk_make_request, as the put_ctx there seems to correlate to a get_ctx earlier in the function (not a leaked reference from __blk_mq_alloc_request). -Jeff p.s. Jens, every time I see GFP_ATOMIC|__GFP_WAIT, my head explodes. Just sayin'. Signed-off-by: Jeff Moyer <[email protected]> diff --git a/block/blk-mq.c b/block/blk-mq.c index cdc629c..70fd6f9 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -202,10 +202,12 @@ static struct request *blk_mq_alloc_request_pinned(struct request_queue *q, if (rq) { blk_mq_rq_ctx_init(q, ctx, rq, rw); break; - } else if (!(gfp & __GFP_WAIT)) - break; + } blk_mq_put_ctx(ctx); + if (!(gfp & __GFP_WAIT)) + break; + __blk_mq_run_hw_queue(hctx); blk_mq_wait_for_tags(hctx->tags); } while (1); @@ -222,7 +224,8 @@ struct request *blk_mq_alloc_request(struct request_queue *q, int rw, return NULL; rq = blk_mq_alloc_request_pinned(q, rw, gfp, reserved); - blk_mq_put_ctx(rq->mq_ctx); + if (rq) + blk_mq_put_ctx(rq->mq_ctx); return rq; } @@ -235,7 +238,8 @@ struct request *blk_mq_alloc_reserved_request(struct request_queue *q, int rw, return NULL; rq = blk_mq_alloc_request_pinned(q, rw, gfp, true); - blk_mq_put_ctx(rq->mq_ctx); + if (rq) + blk_mq_put_ctx(rq->mq_ctx); return rq; } EXPORT_SYMBOL(blk_mq_alloc_reserved_request); -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
