diff options
| author | Jianpeng Ma <majianpeng@gmail.com> | 2013-07-03 07:25:24 -0400 |
|---|---|---|
| committer | Jens Axboe <axboe@kernel.dk> | 2013-07-03 07:25:24 -0400 |
| commit | d50235b7bc3ee0a0427984d763ea7534149531b4 (patch) | |
| tree | acf1916e7926c1a0dddbe08db11ca2426a3816cc /block/deadline-iosched.c | |
| parent | a6b3f7614ca690e49e934c291f707b0c19312194 (diff) | |
elevator: Fix a race in elevator switching
There's a race between elevator switching and normal io operation.
Because the allocation of struct elevator_queue and struct elevator_data
don't in a atomic operation.So there are have chance to use NULL
->elevator_data.
For example:
Thread A: Thread B
blk_queu_bio elevator_switch
spin_lock_irq(q->queue_block) elevator_alloc
elv_merge elevator_init_fn
Because call elevator_alloc, it can't hold queue_lock and the
->elevator_data is NULL.So at the same time, threadA call elv_merge and
nedd some info of elevator_data.So the crash happened.
Move the elevator_alloc into func elevator_init_fn, it make the
operations in a atomic operation.
Using the follow method can easy reproduce this bug
1:dd if=/dev/sdb of=/dev/null
2:while true;do echo noop > scheduler;echo deadline > scheduler;done
The test method also use this method.
Signed-off-by: Jianpeng Ma <majianpeng@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'block/deadline-iosched.c')
| -rw-r--r-- | block/deadline-iosched.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/block/deadline-iosched.c b/block/deadline-iosched.c index ba19a3afab79..20614a332362 100644 --- a/block/deadline-iosched.c +++ b/block/deadline-iosched.c | |||
| @@ -337,13 +337,21 @@ static void deadline_exit_queue(struct elevator_queue *e) | |||
| 337 | /* | 337 | /* |
| 338 | * initialize elevator private data (deadline_data). | 338 | * initialize elevator private data (deadline_data). |
| 339 | */ | 339 | */ |
| 340 | static int deadline_init_queue(struct request_queue *q) | 340 | static int deadline_init_queue(struct request_queue *q, struct elevator_type *e) |
| 341 | { | 341 | { |
| 342 | struct deadline_data *dd; | 342 | struct deadline_data *dd; |
| 343 | struct elevator_queue *eq; | ||
| 344 | |||
| 345 | eq = elevator_alloc(q, e); | ||
| 346 | if (!eq) | ||
| 347 | return -ENOMEM; | ||
| 343 | 348 | ||
| 344 | dd = kmalloc_node(sizeof(*dd), GFP_KERNEL | __GFP_ZERO, q->node); | 349 | dd = kmalloc_node(sizeof(*dd), GFP_KERNEL | __GFP_ZERO, q->node); |
| 345 | if (!dd) | 350 | if (!dd) { |
| 351 | kobject_put(&eq->kobj); | ||
| 346 | return -ENOMEM; | 352 | return -ENOMEM; |
| 353 | } | ||
| 354 | eq->elevator_data = dd; | ||
| 347 | 355 | ||
| 348 | INIT_LIST_HEAD(&dd->fifo_list[READ]); | 356 | INIT_LIST_HEAD(&dd->fifo_list[READ]); |
| 349 | INIT_LIST_HEAD(&dd->fifo_list[WRITE]); | 357 | INIT_LIST_HEAD(&dd->fifo_list[WRITE]); |
| @@ -355,7 +363,9 @@ static int deadline_init_queue(struct request_queue *q) | |||
| 355 | dd->front_merges = 1; | 363 | dd->front_merges = 1; |
| 356 | dd->fifo_batch = fifo_batch; | 364 | dd->fifo_batch = fifo_batch; |
| 357 | 365 | ||
| 358 | q->elevator->elevator_data = dd; | 366 | spin_lock_irq(q->queue_lock); |
| 367 | q->elevator = eq; | ||
| 368 | spin_unlock_irq(q->queue_lock); | ||
| 359 | return 0; | 369 | return 0; |
| 360 | } | 370 | } |
| 361 | 371 | ||