Re: [PATCH] block: fix mq request allocation

Mon, 02 Dec 2013 17:34:32 -0800 

Hi Jeff,

On Mon, Dec 2, 2013 at 11:20 PM, Jeff Moyer <[email protected]> wrote:
> Ming Lei <[email protected]> writes:
>
>> blk_mq_alloc_request_pinned() may return NULL request in case of
>> !__GFP_WAIT, so cause its callers to derefence NULL pointer for
>> releasing current context.
>>
>> This patch introduces two flags to address the issue.
>
> Hi, Ming,
>
>
> Good catch, but your patch seems overly complicated.  How about
> something like the following (compile-tested only), instead?  Note that

Looks your patch is better and simpler, :-)


> I did not touch blk_make_request, as the put_ctx there seems to
> correlate to a get_ctx earlier in the function (not a leaked reference
> from __blk_mq_alloc_request).
>
> -Jeff
>
> p.s. Jens, every time I see GFP_ATOMIC|__GFP_WAIT, my head explodes.  Just 
> sayin'.
>
> Signed-off-by: Jeff Moyer <[email protected]>

Reported-by: Ming Lei <[email protected]>

>
>
> diff --git a/block/blk-mq.c b/block/blk-mq.c
> index cdc629c..70fd6f9 100644
> --- a/block/blk-mq.c
> +++ b/block/blk-mq.c
> @@ -202,10 +202,12 @@ static struct request 
> *blk_mq_alloc_request_pinned(struct request_queue *q,
>                 if (rq) {
>                         blk_mq_rq_ctx_init(q, ctx, rq, rw);
>                         break;
> -               } else if (!(gfp & __GFP_WAIT))
> -                       break;
> +               }
>
>                 blk_mq_put_ctx(ctx);
> +               if (!(gfp & __GFP_WAIT))
> +                       break;
> +
>                 __blk_mq_run_hw_queue(hctx);
>                 blk_mq_wait_for_tags(hctx->tags);
>         } while (1);
> @@ -222,7 +224,8 @@ struct request *blk_mq_alloc_request(struct request_queue 
> *q, int rw,
>                 return NULL;
>
>         rq = blk_mq_alloc_request_pinned(q, rw, gfp, reserved);
> -       blk_mq_put_ctx(rq->mq_ctx);
> +       if (rq)
> +               blk_mq_put_ctx(rq->mq_ctx);
>         return rq;
>  }
>
> @@ -235,7 +238,8 @@ struct request *blk_mq_alloc_reserved_request(struct 
> request_queue *q, int rw,
>                 return NULL;
>
>         rq = blk_mq_alloc_request_pinned(q, rw, gfp, true);
> -       blk_mq_put_ctx(rq->mq_ctx);
> +       if (rq)
> +               blk_mq_put_ctx(rq->mq_ctx);
>         return rq;
>  }
>  EXPORT_SYMBOL(blk_mq_alloc_reserved_request);


Thanks,
-- 
Ming Lei
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to