f198e0a1af
refcount_inc_not_zero() in bt_tags_iter() still may read one freed request. Fix the issue by the following approach: 1) hold a per-tags spinlock when reading ->rqs[tag] and calling refcount_inc_not_zero in bt_tags_iter() 2) clearing stale request referred via ->rqs[tag] before freeing request pool, the per-tags spinlock is held for clearing stale ->rq[tag] So after we cleared stale requests, bt_tags_iter() won't observe freed request any more, also the clearing will wait for pending request reference. The idea of clearing ->rqs[] is borrowed from John Garry's previous patch and one recent David's patch. Tested-by: John Garry <john.garry@huawei.com> Reviewed-by: David Jeffery <djeffery@redhat.com> Reviewed-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Ming Lei <ming.lei@redhat.com> Bug: 197804811 Change-Id: If49478d7b05d3f5b0a26966ddf9ae764cf2fb6b0 (cherry picked from commit bd63141d585bef14f4caf111f6d0e27fe2300ec6) [ refactored to avoid breaking KMI ] Signed-off-by: Pradeep P V K <pragalla@codeaurora.org> Signed-off-by: Todd Kjos <tkjos@google.com> (cherry picked from commit bb96e7f45dc6ac1d6ec12190f1f286e3014fb068) Signed-off-by: Lee Jones <joneslee@google.com> |
||
---|---|---|
.. | ||
partitions | ||
badblocks.c | ||
bfq-cgroup.c | ||
bfq-iosched.c | ||
bfq-iosched.h | ||
bfq-wf2q.c | ||
bio-crypt-ctx.c | ||
bio-integrity.c | ||
bio.c | ||
blk-cgroup.c | ||
blk-core.c | ||
blk-crypto-fallback.c | ||
blk-crypto-internal.h | ||
blk-crypto.c | ||
blk-exec.c | ||
blk-flush.c | ||
blk-integrity.c | ||
blk-ioc.c | ||
blk-iolatency.c | ||
blk-lib.c | ||
blk-map.c | ||
blk-merge.c | ||
blk-mq-cpumap.c | ||
blk-mq-debugfs-zoned.c | ||
blk-mq-debugfs.c | ||
blk-mq-debugfs.h | ||
blk-mq-pci.c | ||
blk-mq-rdma.c | ||
blk-mq-sched.c | ||
blk-mq-sched.h | ||
blk-mq-sysfs.c | ||
blk-mq-tag.c | ||
blk-mq-tag.h | ||
blk-mq-virtio.c | ||
blk-mq.c | ||
blk-mq.h | ||
blk-rq-qos.c | ||
blk-rq-qos.h | ||
blk-settings.c | ||
blk-softirq.c | ||
blk-stat.c | ||
blk-stat.h | ||
blk-sysfs.c | ||
blk-tag.c | ||
blk-throttle.c | ||
blk-timeout.c | ||
blk-wbt.c | ||
blk-wbt.h | ||
blk-zoned.c | ||
blk.h | ||
bounce.c | ||
bsg-lib.c | ||
bsg.c | ||
cfq-iosched.c | ||
cmdline-parser.c | ||
compat_ioctl.c | ||
deadline-iosched.c | ||
elevator.c | ||
genhd.c | ||
ioctl.c | ||
ioprio.c | ||
Kconfig | ||
Kconfig.iosched | ||
keyslot-manager.c | ||
kyber-iosched.c | ||
Makefile | ||
mq-deadline.c | ||
noop-iosched.c | ||
opal_proto.h | ||
OWNERS | ||
partition-generic.c | ||
scsi_ioctl.c | ||
sed-opal.c | ||
t10-pi.c |