diff options
| author | Sam Bradshaw <sbradshaw@micron.com> | 2015-03-18 17:06:18 -0600 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2015-04-19 10:10:12 +0200 |
| commit | f0170f1971d247f924225f5b896edb55ef8c7c5a (patch) | |
| tree | 8fe114d58a1c33df8aea1d220d045c15148a2d9f /block | |
| parent | e008be66e703bd64b6cf4d1ec1f19e4cb99d3dd6 (diff) | |
blkmq: Fix NULL pointer deref when all reserved tags in
commit bc188d818edf325ae38cfa43254a0b10a4defd65 upstream.
When allocating from the reserved tags pool, bt_get() is called with
a NULL hctx. If all tags are in use, the hw queue is kicked to push
out any pending IO, potentially freeing tags, and tag allocation is
retried. The problem is that blk_mq_run_hw_queue() doesn't check for
a NULL hctx. So we avoid it with a simple NULL hctx test.
Tested by hammering mtip32xx with concurrent smartctl/hdparm.
Signed-off-by: Sam Bradshaw <sbradshaw@micron.com>
Signed-off-by: Selvan Mani <smani@micron.com>
Fixes: b32232073e80 ("blk-mq: fix hang in bt_get()")
Added appropriate comment.
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'block')
| -rw-r--r-- | block/blk-mq-tag.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/block/blk-mq-tag.c b/block/blk-mq-tag.c index 3a415ecfe3d4..e6b6283cb5e8 100644 --- a/block/blk-mq-tag.c +++ b/block/blk-mq-tag.c @@ -265,9 +265,11 @@ static int bt_get(struct blk_mq_alloc_data *data, /* * We're out of tags on this hardware queue, kick any * pending IO submits before going to sleep waiting for - * some to complete. + * some to complete. Note that hctx can be NULL here for + * reserved tag allocation. */ - blk_mq_run_hw_queue(hctx, false); + if (hctx) + blk_mq_run_hw_queue(hctx, false); /* * Retry tag allocation after running the hardware queue, |