mirror of
https://github.com/followmsi/android_kernel_google_msm.git
synced 2024-11-06 23:17:41 +00:00
a6ad83fce0
commit d50235b7bc
upstream.
There's a race between elevator switching and normal io operation.
Because the allocation of struct elevator_queue and struct elevator_data
don't in a atomic operation.So there are have chance to use NULL
->elevator_data.
For example:
Thread A: Thread B
blk_queu_bio elevator_switch
spin_lock_irq(q->queue_block) elevator_alloc
elv_merge elevator_init_fn
Because call elevator_alloc, it can't hold queue_lock and the
->elevator_data is NULL.So at the same time, threadA call elv_merge and
nedd some info of elevator_data.So the crash happened.
Move the elevator_alloc into func elevator_init_fn, it make the
operations in a atomic operation.
Using the follow method can easy reproduce this bug
1:dd if=/dev/sdb of=/dev/null
2:while true;do echo noop > scheduler;echo deadline > scheduler;done
The test method also use this method.
Signed-off-by: Jianpeng Ma <majianpeng@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Cc: Jonghwan Choi <jhbird.choi@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
124 lines
2.7 KiB
C
124 lines
2.7 KiB
C
/*
|
|
* elevator noop
|
|
*/
|
|
#include <linux/blkdev.h>
|
|
#include <linux/elevator.h>
|
|
#include <linux/bio.h>
|
|
#include <linux/module.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/init.h>
|
|
|
|
struct noop_data {
|
|
struct list_head queue;
|
|
};
|
|
|
|
static void noop_merged_requests(struct request_queue *q, struct request *rq,
|
|
struct request *next)
|
|
{
|
|
list_del_init(&next->queuelist);
|
|
}
|
|
|
|
static int noop_dispatch(struct request_queue *q, int force)
|
|
{
|
|
struct noop_data *nd = q->elevator->elevator_data;
|
|
|
|
if (!list_empty(&nd->queue)) {
|
|
struct request *rq;
|
|
rq = list_entry(nd->queue.next, struct request, queuelist);
|
|
list_del_init(&rq->queuelist);
|
|
elv_dispatch_sort(q, rq);
|
|
return 1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static void noop_add_request(struct request_queue *q, struct request *rq)
|
|
{
|
|
struct noop_data *nd = q->elevator->elevator_data;
|
|
|
|
list_add_tail(&rq->queuelist, &nd->queue);
|
|
}
|
|
|
|
static struct request *
|
|
noop_former_request(struct request_queue *q, struct request *rq)
|
|
{
|
|
struct noop_data *nd = q->elevator->elevator_data;
|
|
|
|
if (rq->queuelist.prev == &nd->queue)
|
|
return NULL;
|
|
return list_entry(rq->queuelist.prev, struct request, queuelist);
|
|
}
|
|
|
|
static struct request *
|
|
noop_latter_request(struct request_queue *q, struct request *rq)
|
|
{
|
|
struct noop_data *nd = q->elevator->elevator_data;
|
|
|
|
if (rq->queuelist.next == &nd->queue)
|
|
return NULL;
|
|
return list_entry(rq->queuelist.next, struct request, queuelist);
|
|
}
|
|
|
|
static int noop_init_queue(struct request_queue *q, struct elevator_type *e)
|
|
{
|
|
struct noop_data *nd;
|
|
struct elevator_queue *eq;
|
|
|
|
eq = elevator_alloc(q, e);
|
|
if (!eq)
|
|
return -ENOMEM;
|
|
|
|
nd = kmalloc_node(sizeof(*nd), GFP_KERNEL, q->node);
|
|
if (!nd) {
|
|
kobject_put(&eq->kobj);
|
|
return -ENOMEM;
|
|
}
|
|
eq->elevator_data = nd;
|
|
|
|
INIT_LIST_HEAD(&nd->queue);
|
|
|
|
spin_lock_irq(q->queue_lock);
|
|
q->elevator = eq;
|
|
spin_unlock_irq(q->queue_lock);
|
|
return 0;
|
|
}
|
|
|
|
static void noop_exit_queue(struct elevator_queue *e)
|
|
{
|
|
struct noop_data *nd = e->elevator_data;
|
|
|
|
BUG_ON(!list_empty(&nd->queue));
|
|
kfree(nd);
|
|
}
|
|
|
|
static struct elevator_type elevator_noop = {
|
|
.ops = {
|
|
.elevator_merge_req_fn = noop_merged_requests,
|
|
.elevator_dispatch_fn = noop_dispatch,
|
|
.elevator_add_req_fn = noop_add_request,
|
|
.elevator_former_req_fn = noop_former_request,
|
|
.elevator_latter_req_fn = noop_latter_request,
|
|
.elevator_init_fn = noop_init_queue,
|
|
.elevator_exit_fn = noop_exit_queue,
|
|
},
|
|
.elevator_name = "noop",
|
|
.elevator_owner = THIS_MODULE,
|
|
};
|
|
|
|
static int __init noop_init(void)
|
|
{
|
|
return elv_register(&elevator_noop);
|
|
}
|
|
|
|
static void __exit noop_exit(void)
|
|
{
|
|
elv_unregister(&elevator_noop);
|
|
}
|
|
|
|
module_init(noop_init);
|
|
module_exit(noop_exit);
|
|
|
|
|
|
MODULE_AUTHOR("Jens Axboe");
|
|
MODULE_LICENSE("GPL");
|
|
MODULE_DESCRIPTION("No-op IO scheduler");
|