Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp5163265ybp; Mon, 14 Oct 2019 16:43:21 -0700 (PDT) X-Google-Smtp-Source: APXvYqzjoKFjAw1dPYhaSxWbcJFJJuxHaJeTclVTNOMJ4mz/OAPZ2a0ZNACWRz/9V05FlkN1PnEJ X-Received: by 2002:a17:906:386:: with SMTP id b6mr30561007eja.148.1571096601882; Mon, 14 Oct 2019 16:43:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571096601; cv=none; d=google.com; s=arc-20160816; b=MBFGZNS+K/OxhwwbJC8wU1o9FNNl0Fw8oH+uz83pNrApm1x5xSPVuMfUGaPPGjKj42 Ngivy5hnVNOoq+UG60K7rCcy5dt1GGF9TK2nZtjJjypzSJmyBHhWDiVaR6uWoSfgMXl1 u7zNvkyHnFfIGmJL742hNJjwdY0V9Spfsa+6rTeG86wqf2BKS96zA2xp6V6r3k1PidhD K32draXA1gEJnAaCS145HMWmSKZ9IlgxP4cotO9TzgdZnz77mmrD6zm9phwKxZM1bTxf kxEYlbALG2oEV+tZpjf/II3nBnFQSwMtlmkQIShixT8+7CDxvIUxanbNCDgOxHFlrB4s HQew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:content-disposition :mime-version:message-id:subject:cc:to:from:date:dkim-signature; bh=g7fjAjGpffs0qGSw9Zw3h1P0ZmgciCK8ISjc2ELqOLg=; b=ZvrOsXJoH2Cs6L4vgF5XtCXUdstO8eYDOUz+b2tC7WhobjoQSfkDbM4nOUhqIa+GPX 9hA8g0I+qt8oTySewxpbkoZgFKnegy8RBrrarl2Dy85mcUw+PhMICCzUAfNl/ISW9V2h 71NeQyUhEfWGXxKh/L0sII/IeL15fR/uUFibr8gzkfbYGLatp1AG2jVDDMCbgmmS03Pe zFp4MSduU/Ly4VoSd9Qg6ea30NbCmJbkdSG41Ope+7Wpy5xq0lgvIoomvsLixVtbVvWp N8mMM/Ixa4cV9BzEjSA84ezUfwTvOtMIlLnbH4Nf9NhSxCbOnvgdG1vANVIKFT1vZcNN rxaQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=WsXD7B71; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n6si12174777edq.228.2019.10.14.16.42.57; Mon, 14 Oct 2019 16:43:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=WsXD7B71; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732901AbfJNSub (ORCPT + 99 others); Mon, 14 Oct 2019 14:50:31 -0400 Received: from mail-qk1-f196.google.com ([209.85.222.196]:38859 "EHLO mail-qk1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731149AbfJNSub (ORCPT ); Mon, 14 Oct 2019 14:50:31 -0400 Received: by mail-qk1-f196.google.com with SMTP id x4so12892210qkx.5; Mon, 14 Oct 2019 11:50:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:mime-version :content-disposition:user-agent; bh=g7fjAjGpffs0qGSw9Zw3h1P0ZmgciCK8ISjc2ELqOLg=; b=WsXD7B71URX9qt4oD4s6S/P9sc9RIDXUOS+UTtspwA9XTg84YaEr62+DyRQ2dReZCB n/HOl4vdlE3iv19wa8V7GPUzYor5FSGvmOwztw7nhKsdpSp25l7Aexm/dfL2TjKet5Cu epndsDNQxK3IDLmpuwnirZ3r9+RqElg8tkajtb2sz1XJ3Clx5E0Qju+Jqu60bzkyG8ta 8HsV7bw7FdnHgrovk1vEcrsXPxk1m/WBoHpqOgsC6+m32mE97aq0AATcNzFCef3ci5+X pjNiy63NxGcvNWjPWyNm3d41isW8sGvzflmErSh1Kj+acqzCexP0MjEDkb/ajpPzxpJZ hBdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :mime-version:content-disposition:user-agent; bh=g7fjAjGpffs0qGSw9Zw3h1P0ZmgciCK8ISjc2ELqOLg=; b=ENiWYFi549wrxgR9cuYqEAmy/KyD9UiOIwDgYFl2z6hxyUGImizlbvpfXlLmhoGgqQ Q+p6kxCQgmKuVOoMd4s/ECoo0/aMLJvLUI7YzhZ7SwJBsn4bmeFFrni6O4hzL7IkY6If ivmv9Mf2RMtYnt8Cmgtu1PheAOhTkfV71PwdS73EQ15If6M9Q4C7ZuFiUa3k4sI3YC79 66EQsO7C+ujOv4Sl1gF3D0uTVgEu8Sf8c4ex1h3SLFIPu9sLPVhm3Tnt3DsPCvzTNRK5 TQg228mH5S0HMnUCvlNMci00BrlNS/iUiFd/nmfP7qSg+SC2eb6+X/J/JAiBJ+duFJsR 8ikw== X-Gm-Message-State: APjAAAU4CKGo1esRXPQvmsjvt2Nz2o8Qp7kDyQQr6HZN35DPtRF0XBl2 D5y/NI/z5QTGK/ZadKmNRZI= X-Received: by 2002:a37:bd03:: with SMTP id n3mr713929qkf.52.1571079030181; Mon, 14 Oct 2019 11:50:30 -0700 (PDT) Received: from localhost ([2620:10d:c091:500::1:50c5]) by smtp.gmail.com with ESMTPSA id y22sm9355501qka.59.2019.10.14.11.50.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 14 Oct 2019 11:50:29 -0700 (PDT) Date: Mon, 14 Oct 2019 11:50:27 -0700 From: Tejun Heo To: Jens Axboe Cc: linux-block@vger.kernel.org, newella@fb.com, kernel-team@fb.com, linux-kernel@vger.kernel.org Subject: [PATCH block/for-linus] blkcg: Fix ->pd_alloc_fn() being called with the wrong blkcg on policy activation Message-ID: <20191014185027.GH18794@devbig004.ftw2.facebook.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org cf09a8ee19ad ("blkcg: pass @q and @blkcg into blkcg_pol_alloc_pd_fn()") added @blkcg to ->pd_alloc_fn(); however, blkcg_activate_policy() ends up using pd's allocated for the root blkcg for all preallocations, so ->pd_init_fn() for non-root blkcgs can be passed in pd's which are allocated for the root blkcg. For blk-iocost, this means that ->pd_init_fn() can write beyond the end of the allocated object as it determines the length of the flex array at the end based on the blkcg's nesting level. Signed-off-by: Tejun Heo Fixes: cf09a8ee19ad ("blkcg: pass @q and @blkcg into blkcg_pol_alloc_pd_fn()") --- block/blk-cgroup.c | 43 +++++++++++++++++++++++++++++-------------- 1 file changed, 29 insertions(+), 14 deletions(-) --- a/block/blk-cgroup.c +++ b/block/blk-cgroup.c @@ -1362,7 +1362,7 @@ int blkcg_activate_policy(struct request const struct blkcg_policy *pol) { struct blkg_policy_data *pd_prealloc = NULL; - struct blkcg_gq *blkg; + struct blkcg_gq *blkg, *pinned_blkg = NULL; int ret; if (blkcg_policy_enabled(q, pol)) @@ -1370,15 +1370,7 @@ int blkcg_activate_policy(struct request if (queue_is_mq(q)) blk_mq_freeze_queue(q); -pd_prealloc: - if (!pd_prealloc) { - pd_prealloc = pol->pd_alloc_fn(GFP_KERNEL, q, &blkcg_root); - if (!pd_prealloc) { - ret = -ENOMEM; - goto out_bypass_end; - } - } - +retry: spin_lock_irq(&q->queue_lock); /* blkg_list is pushed at the head, reverse walk to init parents first */ @@ -1388,12 +1380,31 @@ pd_prealloc: if (blkg->pd[pol->plid]) continue; - pd = pol->pd_alloc_fn(GFP_NOWAIT | __GFP_NOWARN, q, &blkcg_root); - if (!pd) - swap(pd, pd_prealloc); + if (blkg == pinned_blkg) { + pd = pd_prealloc; + pd_prealloc = NULL; + } else { + pd = pol->pd_alloc_fn(GFP_NOWAIT | __GFP_NOWARN, q, + blkg->blkcg); + } + if (!pd) { + if (pinned_blkg) + blkg_put(pinned_blkg); + blkg_get(blkg); + pinned_blkg = blkg; + spin_unlock_irq(&q->queue_lock); - goto pd_prealloc; + + kfree(pd_prealloc); + pd_prealloc = pol->pd_alloc_fn(GFP_KERNEL, q, + blkg->blkcg); + if (pd_prealloc) { + goto retry; + } else { + ret = -ENOMEM; + goto out_bypass_end; + } } blkg->pd[pol->plid] = pd; @@ -1403,6 +1414,10 @@ pd_prealloc: pol->pd_init_fn(pd); } + if (pinned_blkg) + blkg_put(pinned_blkg); + kfree(pd_prealloc); + __set_bit(pol->plid, q->blkcg_pols); ret = 0;