aboutsummaryrefslogtreecommitdiffstats
path: root/block
diff options
context:
space:
mode:
authorTejun Heo <tj@kernel.org>2012-03-23 09:02:53 -0400
committerJens Axboe <axboe@kernel.dk>2012-03-23 09:02:53 -0400
commiteb7d8c07f9c5fca6190b0d328179551122d1b8a3 (patch)
treeb75cd8a91faee93990ec03f0044d24111e51a918 /block
parent2b566fa55b9a94b53217c2818e6c5e5756eeb1a1 (diff)
cfq: fix cfqg ref handling when BLK_CGROUP && !CFQ_GROUP_IOSCHED
When BLK_CGROUP is enabled but CFQ_GROUP_IOSCHED is, cfq ends up calling blkg_get/put() on dummy cfqg leading to the following crash. BUG: unable to handle kernel NULL pointer dereference at 00000000000000b0 IP: [<ffffffff813d44d8>] cfq_init_queue+0x258/0x430 PGD 0 Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC CPU 0 Modules linked in: Pid: 1, comm: swapper/0 Not tainted 3.3.0-rc6-work+ #125 Bochs Bochs RIP: 0010:[<ffffffff813d44d8>] [<ffffffff813d44d8>] cfq_init_queue+0x258/0x430 RSP: 0018:ffff88001f9dfd80 EFLAGS: 00010046 RAX: ffff88001aefbbf0 RBX: ffff88001aeedbf0 RCX: 0000000000000100 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff820ffd40 RBP: ffff88001f9dfdd0 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000009 R14: ffff88001aefbc30 R15: 0000000000000003 FS: 0000000000000000(0000) GS:ffff88001fc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 00000000000000b0 CR3: 000000000206f000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process swapper/0 (pid: 1, threadinfo ffff88001f9de000, task ffff88001f9dc040) Stack: ffff88001aeedbf0 ffff88001aefbdb0 ffff88001aef1548 ffff88001aefbbf0 ffff88001f9dfdd0 ffff88001aef1548 ffffffff820d6320 ffffffff8165ce30 ffffffff82c555e0 ffff88001aeebbf0 ffff88001f9dfe00 ffffffff813b0507 Call Trace: [<ffffffff813b0507>] elevator_init+0xd7/0x140 [<ffffffff813b83d5>] blk_init_allocated_queue+0x125/0x150 [<ffffffff813b94d3>] blk_init_queue_node+0x43/0x80 [<ffffffff813b9523>] blk_init_queue+0x13/0x20 [<ffffffff821aec00>] floppy_init+0x82/0xec7 [<ffffffff810001d2>] do_one_initcall+0x42/0x170 [<ffffffff821835fc>] kernel_init+0xcb/0x14f [<ffffffff81b40b24>] kernel_thread_helper+0x4/0x10 Code: 00 e8 1d 9e 76 00 48 8b 43 48 48 85 c0 48 89 83 28 03 00 00 74 07 4c 8b a0 10 ff ff ff 8b 15 b0 2e d0 00 85 d2 0f 85 49 01 00 00 <41> 8b 84 24 b0 00 00 00 85 c0 0f 8e 8c 01 00 00 83 e8 01 85 c0 RIP [<ffffffff813d44d8>] cfq_init_queue+0x258/0x430 Because cfq's blkcg support has a on/off switch, CFQ_GROUP_IOSCHED, separate from BLK_CGROUP, blkg access through cfqg needs to be conditioned on it. * Make blkg_to_cfqg() and cfqg_to_blkg() conditioned on CFQ_GROUP_IOSCHED. If disabled, they always return %NULL. * Introduce cfqg_get() and cfqg_put() conditioned on CFQ_GROUP_IOSCHED. If disabled, they are noops. Reported-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Tejun Heo <tj@kernel.org> Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'block')
-rw-r--r--block/cfq-iosched.c52
1 files changed, 35 insertions, 17 deletions
diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c
index 7c3893d4447a..39c43307dc6c 100644
--- a/block/cfq-iosched.c
+++ b/block/cfq-iosched.c
@@ -306,16 +306,6 @@ struct cfq_data {
306 unsigned long last_delayed_sync; 306 unsigned long last_delayed_sync;
307}; 307};
308 308
309static inline struct cfq_group *blkg_to_cfqg(struct blkio_group *blkg)
310{
311 return blkg_to_pdata(blkg, &blkio_policy_cfq);
312}
313
314static inline struct blkio_group *cfqg_to_blkg(struct cfq_group *cfqg)
315{
316 return pdata_to_blkg(cfqg, &blkio_policy_cfq);
317}
318
319static struct cfq_group *cfq_get_next_cfqg(struct cfq_data *cfqd); 309static struct cfq_group *cfq_get_next_cfqg(struct cfq_data *cfqd);
320 310
321static struct cfq_rb_root *service_tree_for(struct cfq_group *cfqg, 311static struct cfq_rb_root *service_tree_for(struct cfq_group *cfqg,
@@ -377,6 +367,26 @@ CFQ_CFQQ_FNS(wait_busy);
377#undef CFQ_CFQQ_FNS 367#undef CFQ_CFQQ_FNS
378 368
379#ifdef CONFIG_CFQ_GROUP_IOSCHED 369#ifdef CONFIG_CFQ_GROUP_IOSCHED
370static inline struct cfq_group *blkg_to_cfqg(struct blkio_group *blkg)
371{
372 return blkg_to_pdata(blkg, &blkio_policy_cfq);
373}
374
375static inline struct blkio_group *cfqg_to_blkg(struct cfq_group *cfqg)
376{
377 return pdata_to_blkg(cfqg, &blkio_policy_cfq);
378}
379
380static inline void cfqg_get(struct cfq_group *cfqg)
381{
382 return blkg_get(cfqg_to_blkg(cfqg));
383}
384
385static inline void cfqg_put(struct cfq_group *cfqg)
386{
387 return blkg_put(cfqg_to_blkg(cfqg));
388}
389
380#define cfq_log_cfqq(cfqd, cfqq, fmt, args...) \ 390#define cfq_log_cfqq(cfqd, cfqq, fmt, args...) \
381 blk_add_trace_msg((cfqd)->queue, "cfq%d%c %s " fmt, (cfqq)->pid, \ 391 blk_add_trace_msg((cfqd)->queue, "cfq%d%c %s " fmt, (cfqq)->pid, \
382 cfq_cfqq_sync((cfqq)) ? 'S' : 'A', \ 392 cfq_cfqq_sync((cfqq)) ? 'S' : 'A', \
@@ -386,11 +396,19 @@ CFQ_CFQQ_FNS(wait_busy);
386 blk_add_trace_msg((cfqd)->queue, "%s " fmt, \ 396 blk_add_trace_msg((cfqd)->queue, "%s " fmt, \
387 blkg_path(cfqg_to_blkg((cfqg))), ##args) \ 397 blkg_path(cfqg_to_blkg((cfqg))), ##args) \
388 398
389#else 399#else /* CONFIG_CFQ_GROUP_IOSCHED */
400
401static inline struct cfq_group *blkg_to_cfqg(struct blkio_group *blkg) { return NULL; }
402static inline struct blkio_group *cfqg_to_blkg(struct cfq_group *cfqg) { return NULL; }
403static inline void cfqg_get(struct cfq_group *cfqg) { }
404static inline void cfqg_put(struct cfq_group *cfqg) { }
405
390#define cfq_log_cfqq(cfqd, cfqq, fmt, args...) \ 406#define cfq_log_cfqq(cfqd, cfqq, fmt, args...) \
391 blk_add_trace_msg((cfqd)->queue, "cfq%d " fmt, (cfqq)->pid, ##args) 407 blk_add_trace_msg((cfqd)->queue, "cfq%d " fmt, (cfqq)->pid, ##args)
392#define cfq_log_cfqg(cfqd, cfqg, fmt, args...) do {} while (0) 408#define cfq_log_cfqg(cfqd, cfqg, fmt, args...) do {} while (0)
393#endif 409
410#endif /* CONFIG_CFQ_GROUP_IOSCHED */
411
394#define cfq_log(cfqd, fmt, args...) \ 412#define cfq_log(cfqd, fmt, args...) \
395 blk_add_trace_msg((cfqd)->queue, "cfq " fmt, ##args) 413 blk_add_trace_msg((cfqd)->queue, "cfq " fmt, ##args)
396 414
@@ -1090,7 +1108,7 @@ static void cfq_link_cfqq_cfqg(struct cfq_queue *cfqq, struct cfq_group *cfqg)
1090 1108
1091 cfqq->cfqg = cfqg; 1109 cfqq->cfqg = cfqg;
1092 /* cfqq reference on cfqg */ 1110 /* cfqq reference on cfqg */
1093 blkg_get(cfqg_to_blkg(cfqg)); 1111 cfqg_get(cfqg);
1094} 1112}
1095 1113
1096#else /* GROUP_IOSCHED */ 1114#else /* GROUP_IOSCHED */
@@ -2505,7 +2523,7 @@ static void cfq_put_queue(struct cfq_queue *cfqq)
2505 2523
2506 BUG_ON(cfq_cfqq_on_rr(cfqq)); 2524 BUG_ON(cfq_cfqq_on_rr(cfqq));
2507 kmem_cache_free(cfq_pool, cfqq); 2525 kmem_cache_free(cfq_pool, cfqq);
2508 blkg_put(cfqg_to_blkg(cfqg)); 2526 cfqg_put(cfqg);
2509} 2527}
2510 2528
2511static void cfq_put_cooperator(struct cfq_queue *cfqq) 2529static void cfq_put_cooperator(struct cfq_queue *cfqq)
@@ -3276,7 +3294,7 @@ static void cfq_put_request(struct request *rq)
3276 cfqq->allocated[rw]--; 3294 cfqq->allocated[rw]--;
3277 3295
3278 /* Put down rq reference on cfqg */ 3296 /* Put down rq reference on cfqg */
3279 blkg_put(cfqg_to_blkg(RQ_CFQG(rq))); 3297 cfqg_put(RQ_CFQG(rq));
3280 rq->elv.priv[0] = NULL; 3298 rq->elv.priv[0] = NULL;
3281 rq->elv.priv[1] = NULL; 3299 rq->elv.priv[1] = NULL;
3282 3300
@@ -3364,7 +3382,7 @@ new_queue:
3364 cfqq->allocated[rw]++; 3382 cfqq->allocated[rw]++;
3365 3383
3366 cfqq->ref++; 3384 cfqq->ref++;
3367 blkg_get(cfqg_to_blkg(cfqq->cfqg)); 3385 cfqg_get(cfqq->cfqg);
3368 rq->elv.priv[0] = cfqq; 3386 rq->elv.priv[0] = cfqq;
3369 rq->elv.priv[1] = cfqq->cfqg; 3387 rq->elv.priv[1] = cfqq->cfqg;
3370 spin_unlock_irq(q->queue_lock); 3388 spin_unlock_irq(q->queue_lock);
@@ -3545,7 +3563,7 @@ static int cfq_init_queue(struct request_queue *q)
3545 3563
3546 spin_lock_irq(q->queue_lock); 3564 spin_lock_irq(q->queue_lock);
3547 cfq_link_cfqq_cfqg(&cfqd->oom_cfqq, cfqd->root_group); 3565 cfq_link_cfqq_cfqg(&cfqd->oom_cfqq, cfqd->root_group);
3548 blkg_put(cfqg_to_blkg(cfqd->root_group)); 3566 cfqg_put(cfqd->root_group);
3549 spin_unlock_irq(q->queue_lock); 3567 spin_unlock_irq(q->queue_lock);
3550 3568
3551 init_timer(&cfqd->idle_slice_timer); 3569 init_timer(&cfqd->idle_slice_timer);