Commit c9e8c91f8a279b87eb0d94b037504ea9fc1bef7c
 Author: Mike Snitzer <[email protected]>
 Date:   Tue Mar 10 15:54:41 2015 -0400

 blk-mq: fix use of incorrect goto label in blk_mq_init_queue error path

for some reason has moved queue allocation 'q = blk_alloc_queue_node()'
after 'percpu_ref_init(&q->mq_usage_counter...)', so we are doing percpu
init on something that is not a request_queue.

Further commit 716452cd27b145d611e4399e7cc35df6c943686e
 Author: Mike Snitzer <[email protected]>
 Date:   Tue Mar 10 17:20:20 2015 -0400

 blk-mq: add blk_mq_init_allocated_queue and export

has introduced another issue.
In blk_mq_init_queue() we allocate new request_queue:

       uninit_q = blk_alloc_queue_node(GFP_KERNEL, set->numa_node);
       if (!uninit_q)
               return ERR_PTR(-ENOMEM);

and pass `uninit_q' as a 'request_queue *q' parameter to
blk_mq_init_allocated_queue():

       q = blk_mq_init_allocated_queue(set, uninit_q);

blk_mq_init_allocated_queue(), however, first uses the passed `uninit_q' to init
its percpu, but then it allocates a new request_queue and returns it back,
not being properly initialized:

blk_mq_init_allocated_queue(struct blk_mq_tag_set *set, struct request_queue *q)
[..]
       if (percpu_ref_init(&q->mq_usage_counter, blk_mq_usage_counter_release,
                            PERCPU_REF_INIT_ATOMIC, GFP_KERNEL))
               goto err_hctxs;

       q = blk_alloc_queue_node(GFP_KERNEL, set->numa_node);
       if (!q)
               goto err_hctxs;

[..]
       return q;

Which eventually leads to different problems, including a NULL pointer
dereference.

Remove blk_alloc_queue_node() from blk_mq_init_allocated_queue() and use
supplied request_queue.

Signed-off-by: Sergey Senozhatsky <[email protected]>
---
 block/blk-mq.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/block/blk-mq.c b/block/blk-mq.c
index b838dfc..59fa239 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -1955,10 +1955,6 @@ struct request_queue *blk_mq_init_allocated_queue(struct 
blk_mq_tag_set *set,
                            PERCPU_REF_INIT_ATOMIC, GFP_KERNEL))
                goto err_hctxs;
 
-       q = blk_alloc_queue_node(GFP_KERNEL, set->numa_node);
-       if (!q)
-               goto err_hctxs;
-
        setup_timer(&q->timeout, blk_mq_rq_timer, (unsigned long) q);
        blk_queue_rq_timeout(q, 30000);
 
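Review bot: with the `q = blk_alloc_queue_node(...)` lines gone, the `goto err_hctxs` kept just above them now runs against a queue that the caller allocated, so ownership of `q` on failure needs to be stated and checked. Please confirm that the labels reached from this function do not release `q` themselves, and that blk_mq_init_queue() frees `uninit_q` when blk_mq_init_allocated_queue() returns an error; otherwise the queue is either leaked or freed twice. A one-line comment above the function saying that the caller keeps ownership of `q` on error would make the contract explicit for other users of the exported helper. The changelog names both c9e8c91f8a27 and 716452cd27b1 as the origin of the problem, so adding matching "Fixes:" tags would help anyone carrying those commits pick this one up as well.
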
-- 
2.3.2.223.g7a9409c
