2009-09-03 03:10:54

by Munehiro Ikeda

[permalink] [raw]
Subject: Re: [PATCH 07/23] io-controller: Common hierarchical fair queuing code in elevaotor layer

Hi,

Vivek Goyal wrote, on 08/28/2009 05:30 PM:
> +static struct io_group *io_find_alloc_group(struct request_queue *q,
> + struct cgroup *cgroup, struct elv_fq_data *efqd,
> + int create)
> +{
> + struct io_cgroup *iocg = cgroup_to_io_cgroup(cgroup);
> + struct io_group *iog = NULL;
> + /* Note: Use efqd as key */
> + void *key = efqd;
> +
> + /*
> + * Take a refenrece to css object. Don't want to map a bio to
> + * a group if it has been marked for deletion
> + */
> +
> + if (!css_tryget(&iocg->css))
> + return iog;

cgroup_to_io_cgroup() returns NULL if only blkio subsystem
is mounted but io subsystem is not. It can cause NULL pointer
access.

Signed-off-by: Munehiro "Muuhh" Ikeda <[email protected]>
---
block/elevator-fq.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/block/elevator-fq.c b/block/elevator-fq.c
index b723c12..6714e73 100644
--- a/block/elevator-fq.c
+++ b/block/elevator-fq.c
@@ -1827,7 +1827,7 @@ static struct io_group *io_find_alloc_group(struct request_queue *q,
* a group if it has been marked for deletion
*/

- if (!css_tryget(&iocg->css))
+ if (!iocg || !css_tryget(&iocg->css))
return iog;

iog = io_cgroup_lookup_group(iocg, key);
--
1.6.2.5


--
IKEDA, Munehiro
NEC Corporation of America
[email protected]


2009-09-10 20:12:31

by Vivek Goyal

[permalink] [raw]
Subject: Re: [PATCH 07/23] io-controller: Common hierarchical fair queuing code in elevaotor layer

On Wed, Sep 02, 2009 at 11:08:09PM -0400, Munehiro Ikeda wrote:
> Hi,
>
> Vivek Goyal wrote, on 08/28/2009 05:30 PM:
> > +static struct io_group *io_find_alloc_group(struct request_queue *q,
> > + struct cgroup *cgroup, struct elv_fq_data *efqd,
> > + int create)
> > +{
> > + struct io_cgroup *iocg = cgroup_to_io_cgroup(cgroup);
> > + struct io_group *iog = NULL;
> > + /* Note: Use efqd as key */
> > + void *key = efqd;
> > +
> > + /*
> > + * Take a refenrece to css object. Don't want to map a bio to
> > + * a group if it has been marked for deletion
> > + */
> > +
> > + if (!css_tryget(&iocg->css))
> > + return iog;
>
> cgroup_to_io_cgroup() returns NULL if only blkio subsystem
> is mounted but io subsystem is not. It can cause NULL pointer
> access.
>

Good catch Muuhh. Thanks. Applied for next release.

Thanks
Vivek

> Signed-off-by: Munehiro "Muuhh" Ikeda <[email protected]>
> ---
> block/elevator-fq.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/block/elevator-fq.c b/block/elevator-fq.c
> index b723c12..6714e73 100644
> --- a/block/elevator-fq.c
> +++ b/block/elevator-fq.c
> @@ -1827,7 +1827,7 @@ static struct io_group *io_find_alloc_group(struct request_queue *q,
> * a group if it has been marked for deletion
> */
>
> - if (!css_tryget(&iocg->css))
> + if (!iocg || !css_tryget(&iocg->css))
> return iog;
>
> iog = io_cgroup_lookup_group(iocg, key);
> --
> 1.6.2.5
>
>
> --
> IKEDA, Munehiro
> NEC Corporation of America
> [email protected]