diff options
| author | Jianpeng Ma <majianpeng@gmail.com> | 2013-07-03 07:25:24 -0400 |
|---|---|---|
| committer | Jens Axboe <axboe@kernel.dk> | 2013-07-03 07:25:24 -0400 |
| commit | d50235b7bc3ee0a0427984d763ea7534149531b4 (patch) | |
| tree | acf1916e7926c1a0dddbe08db11ca2426a3816cc /block/elevator.c | |
| parent | a6b3f7614ca690e49e934c291f707b0c19312194 (diff) | |
elevator: Fix a race in elevator switching
There's a race between elevator switching and normal io operation.
Because the allocation of struct elevator_queue and struct elevator_data
don't in a atomic operation.So there are have chance to use NULL
->elevator_data.
For example:
Thread A: Thread B
blk_queu_bio elevator_switch
spin_lock_irq(q->queue_block) elevator_alloc
elv_merge elevator_init_fn
Because call elevator_alloc, it can't hold queue_lock and the
->elevator_data is NULL.So at the same time, threadA call elv_merge and
nedd some info of elevator_data.So the crash happened.
Move the elevator_alloc into func elevator_init_fn, it make the
operations in a atomic operation.
Using the follow method can easy reproduce this bug
1:dd if=/dev/sdb of=/dev/null
2:while true;do echo noop > scheduler;echo deadline > scheduler;done
The test method also use this method.
Signed-off-by: Jianpeng Ma <majianpeng@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'block/elevator.c')
| -rw-r--r-- | block/elevator.c | 25 |
1 files changed, 5 insertions, 20 deletions
diff --git a/block/elevator.c b/block/elevator.c index eba5b04c29b1..668394d18588 100644 --- a/block/elevator.c +++ b/block/elevator.c | |||
| @@ -150,7 +150,7 @@ void __init load_default_elevator_module(void) | |||
| 150 | 150 | ||
| 151 | static struct kobj_type elv_ktype; | 151 | static struct kobj_type elv_ktype; |
| 152 | 152 | ||
| 153 | static struct elevator_queue *elevator_alloc(struct request_queue *q, | 153 | struct elevator_queue *elevator_alloc(struct request_queue *q, |
| 154 | struct elevator_type *e) | 154 | struct elevator_type *e) |
| 155 | { | 155 | { |
| 156 | struct elevator_queue *eq; | 156 | struct elevator_queue *eq; |
| @@ -170,6 +170,7 @@ err: | |||
| 170 | elevator_put(e); | 170 | elevator_put(e); |
| 171 | return NULL; | 171 | return NULL; |
| 172 | } | 172 | } |
| 173 | EXPORT_SYMBOL(elevator_alloc); | ||
| 173 | 174 | ||
| 174 | static void elevator_release(struct kobject *kobj) | 175 | static void elevator_release(struct kobject *kobj) |
| 175 | { | 176 | { |
| @@ -221,16 +222,7 @@ int elevator_init(struct request_queue *q, char *name) | |||
| 221 | } | 222 | } |
| 222 | } | 223 | } |
| 223 | 224 | ||
| 224 | q->elevator = elevator_alloc(q, e); | 225 | err = e->ops.elevator_init_fn(q, e); |
| 225 | if (!q->elevator) | ||
| 226 | return -ENOMEM; | ||
| 227 | |||
| 228 | err = e->ops.elevator_init_fn(q); | ||
| 229 | if (err) { | ||
| 230 | kobject_put(&q->elevator->kobj); | ||
| 231 | return err; | ||
| 232 | } | ||
| 233 | |||
| 234 | return 0; | 226 | return 0; |
| 235 | } | 227 | } |
| 236 | EXPORT_SYMBOL(elevator_init); | 228 | EXPORT_SYMBOL(elevator_init); |
| @@ -935,16 +927,9 @@ static int elevator_switch(struct request_queue *q, struct elevator_type *new_e) | |||
| 935 | spin_unlock_irq(q->queue_lock); | 927 | spin_unlock_irq(q->queue_lock); |
| 936 | 928 | ||
| 937 | /* allocate, init and register new elevator */ | 929 | /* allocate, init and register new elevator */ |
| 938 | err = -ENOMEM; | 930 | err = new_e->ops.elevator_init_fn(q, new_e); |
| 939 | q->elevator = elevator_alloc(q, new_e); | 931 | if (err) |
| 940 | if (!q->elevator) | ||
| 941 | goto fail_init; | ||
| 942 | |||
| 943 | err = new_e->ops.elevator_init_fn(q); | ||
| 944 | if (err) { | ||
| 945 | kobject_put(&q->elevator->kobj); | ||
| 946 | goto fail_init; | 932 | goto fail_init; |
| 947 | } | ||
| 948 | 933 | ||
| 949 | if (registered) { | 934 | if (registered) { |
| 950 | err = elv_register_queue(q); | 935 | err = elv_register_queue(q); |