Re: [PATCH 02/14] blk-mq: Fix a potential NULL pointer assignment to hctx tags

From: Omar Sandoval
Date: Mon Sep 19 2016 - 14:34:40 EST


On Sun, Sep 18, 2016 at 09:37:12AM +0200, Alexander Gordeev wrote:
> If number of used hardware queues is dynamically decreased
> then tags corresponding to the newly unused queues are freed.
>
> If previously unused hardware queues are then reused again
> they will start referring the previously freed tags.
>
> CC: linux-block@xxxxxxxxxxxxxxx
> Signed-off-by: Alexander Gordeev <agordeev@xxxxxxxxxx>
> ---
> block/blk-mq.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/block/blk-mq.c b/block/blk-mq.c
> index 66505af7..7fa58fe 100644
> --- a/block/blk-mq.c
> +++ b/block/blk-mq.c
> @@ -1995,6 +1995,8 @@ static void blk_mq_realloc_hw_ctxs(struct blk_mq_tag_set *set,
>
> if (hctxs[i])
> continue;
> + if (!set->tags[i])
> + break;
>
> node = blk_mq_hw_queue_to_node(q->mq_map, i);
> hctxs[i] = kzalloc_node(sizeof(struct blk_mq_hw_ctx),
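Review bot: the new `break` at the top of the loop in blk_mq_realloc_hw_ctxs() stops allocating every remaining hardware context as soon as one set->tags[i] slot is NULL, yet the blk_mq_map_swqueue() code quoted below ("if (!set->tags[i]) set->tags[i] = blk_mq_init_rq_map(set, i);") runs later in the same blk_mq_update_nr_hw_queues() path and re-creates exactly such a slot, so the check can leave hctxs unallocated for queues that would otherwise have been repopulated; if the intent is only to keep a NULL tags pointer away from a freshly allocated hctx, a `continue` or an explicit error return for that index, plus a comment stating when tags[i] may legitimately be NULL at this point, would express it more precisely than silently ending the loop. The commit message also says reused queues refer to "previously freed tags", but a NULL check only catches a slot that was cleared when the tags were freed, not a stale non-NULL pointer; the description should say which of the two situations is being fixed and where the slot is cleared.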

In blk_mq_map_swqueue(), we have:

	/* unmapped hw queue can be remapped after CPU topo changed */
	if (!set->tags[i])
		set->tags[i] = blk_mq_init_rq_map(set, i);
	hctx->tags = set->tags[i];
	WARN_ON(!hctx->tags);

blk_mq_map_swqueue() is called from blk_mq_queue_reinit(), which we call
from blk_mq_update_nr_hw_queues(). Is that not enough? This
initialization/resizing is a bit of a twisty maze and it's hard to
convince myself that it's all correct, so cleanup here is probably
valuable.

--
Omar
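The shrink-then-regrow lifecycle under discussion, as a small user-space model added here for illustration (it is not kernel code and not part of the patch or the reply). The names mirror the kernel functions the thread mentions, but the structures are toy stand-ins: `tag_map`, `hw_ctx` and `tag_set` hold only what the example needs, and the `generation` counter is an invented field used to observe that a slot was re-initialised. The model follows the reply's reading of the code: freeing the tags of a dropped queue clears the slot, the hctx reallocation does not touch tags, and the later remap step re-creates any NULL slot before assigning `hctx->tags`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_HW_QUEUES 8

/* Toy stand-in for the kernel's per-queue tag map (struct blk_mq_tags). Only the
 * owning queue index and an invented generation counter matter here. */
struct tag_map {
    int queue_index;
    int generation;  /* how many times this slot has been (re)initialised */
};

/* Toy stand-in for struct blk_mq_hw_ctx: just the pointer to its tag map. */
struct hw_ctx {
    struct tag_map *tags;
};

/* Toy stand-in for struct blk_mq_tag_set together with the queue's hctx array. */
struct tag_set {
    int nr_hw_queues;
    int init_count[MAX_HW_QUEUES];       /* per-slot number of init calls */
    struct tag_map *tags[MAX_HW_QUEUES];
    struct hw_ctx *hctxs[MAX_HW_QUEUES];
};

/* Model of blk_mq_init_rq_map(): allocate a fresh tag map for queue i. */
static struct tag_map *init_rq_map(struct tag_set *set, int i)
{
    struct tag_map *t = calloc(1, sizeof(*t));
    if (!t)
        return NULL;
    t->queue_index = i;
    t->generation = ++set->init_count[i];
    return t;
}

/* Free the tag map of a queue that is no longer used. Clearing the slot and the
 * hctx's copy of the pointer is what lets the later remap detect the gap instead
 * of leaving a dangling pointer to freed memory behind. */
static void free_rq_map(struct tag_set *set, int i)
{
    free(set->tags[i]);
    set->tags[i] = NULL;
    if (set->hctxs[i])
        set->hctxs[i]->tags = NULL;
}

/* Model of blk_mq_realloc_hw_ctxs(): make sure hctxs[0..nr) exist and drop any
 * beyond nr. As in the unpatched kernel function, tags are not touched here. */
static int realloc_hw_ctxs(struct tag_set *set, int nr)
{
    for (int i = 0; i < nr; i++) {
        if (set->hctxs[i])
            continue;
        set->hctxs[i] = calloc(1, sizeof(struct hw_ctx));
        if (!set->hctxs[i])
            return -1;
    }
    for (int i = nr; i < MAX_HW_QUEUES; i++) {
        free(set->hctxs[i]);
        set->hctxs[i] = NULL;
    }
    return 0;
}

/* Model of the quoted part of blk_mq_map_swqueue(): re-create a missing tag map
 * and point the hctx at it. This is the step the reply says covers the regrow. */
static int map_swqueue(struct tag_set *set)
{
    for (int i = 0; i < set->nr_hw_queues; i++) {
        if (!set->tags[i])
            set->tags[i] = init_rq_map(set, i);
        if (!set->tags[i])
            return -1;  /* stands in for the kernel's WARN_ON(!hctx->tags) */
        set->hctxs[i]->tags = set->tags[i];
    }
    return 0;
}

/* Model of blk_mq_update_nr_hw_queues(): shrinking frees the tags of the dropped
 * queues, growing allocates the missing hctxs, and the remap repairs tags. */
static int update_nr_hw_queues(struct tag_set *set, int nr)
{
    if (nr < 1 || nr > MAX_HW_QUEUES)
        return -1;
    for (int i = nr; i < set->nr_hw_queues; i++)
        free_rq_map(set, i);
    set->nr_hw_queues = nr;
    if (realloc_hw_ctxs(set, nr))
        return -1;
    return map_swqueue(set);
}

static int tag_set_init(struct tag_set *set, int nr)
{
    memset(set, 0, sizeof(*set));
    return update_nr_hw_queues(set, nr);
}

static void tag_set_destroy(struct tag_set *set)
{
    for (int i = 0; i < MAX_HW_QUEUES; i++) {
        free(set->tags[i]);
        free(set->hctxs[i]);
    }
    memset(set, 0, sizeof(*set));
}

/* 1 if every active hctx points at a live tag map that belongs to its own index. */
static int tags_consistent(const struct tag_set *set)
{
    for (int i = 0; i < set->nr_hw_queues; i++) {
        const struct hw_ctx *h = set->hctxs[i];
        if (!h || !h->tags || h->tags != set->tags[i] || h->tags->queue_index != i)
            return 0;
    }
    return 1;
}

int main(void)
{
    struct tag_set set;
    if (tag_set_init(&set, 4) || update_nr_hw_queues(&set, 2) || update_nr_hw_queues(&set, 4))
        return 1;
    printf("consistent after 4 -> 2 -> 4: %s, queue 3 initialised %d times\n",
           tags_consistent(&set) ? "yes" : "no", set.tags[3]->generation);
    tag_set_destroy(&set);
    return 0;
}
```

Running the model through 4 -> 2 -> 4 queues shows what the reply relies on: the slots for queues 2 and 3 are cleared on shrink and rebuilt by the remap on regrow, so no hctx ever carries a pointer to freed memory. Deleting the `set->tags[i] = NULL;` line in `free_rq_map()` is the quickest way to see why clearing the slot matters: the remap's NULL check then has nothing to catch.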