    cfq-iosched: fix oom cfq_queue ref leak in cfq_set_request() · bce6133b
    Tejun Heo authored
    If the cfq_queue cached in cfq_io_cq is the oom one, cfq_set_request()
    replaces it by invoking cfq_get_queue() again without putting the oom
    queue, leaking the reference it was holding.  While oom queues are not
    released through reference counting, they're still reference counted
    and this can theoretically lead to the reference count overflowing and
    incorrectly invoking the usual release path on it.
    
    Fix it by making cfq_set_request() put the ref it was holding.
    Signed-off-by: Tejun Heo <tj@kernel.org>
    Acked-by: Jeff Moyer <jmoyer@redhat.com>
    Cc: Vivek Goyal <vgoyal@redhat.com>
    Cc: Arianna Avanzini <avanzini.arianna@gmail.com>
    Signed-off-by: Jens Axboe <axboe@fb.com>
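As an added illustration of the leak the commit describes (a constructed C model, not the kernel's cfq-iosched code and not part of this commit): `set_request_leaky()` swaps out the cached oom queue without dropping the reference the cache held, `set_request_fixed()` puts that reference first, and `leaked_oom_refs()` counts how many oom-queue references are left over after a run of requests. The `model_*` names and the `is_oom` flag are stand-ins assumed for the model only.

```c
#include <assert.h>
#include <stdlib.h>
/* Constructed stand-in for a refcounted cfq_queue; not kernel code. */
typedef struct model_queue {
    int ref;     /* reference count */
    int is_oom;  /* the shared oom queue is never freed via refcount */
} model_queue;

/* Allocate a fresh queue holding one reference (models cfq_get_queue()). */
static model_queue *model_get_queue(void) {
    model_queue *q = calloc(1, sizeof *q);
    assert(q != NULL);
    q->ref = 1;
    return q;
}

/* Drop a reference; free only non-oom queues (models cfq_put_queue()). */
static void model_put_queue(model_queue *q) {
    assert(q->ref > 0);
    if (--q->ref == 0 && !q->is_oom)
        free(q);
}

/* Before the fix: the cached oom queue is swapped out, its ref never put. */
static void set_request_leaky(model_queue **cached, const model_queue *oom) {
    if (*cached == oom)
        *cached = model_get_queue();
}

/* After the fix: put the ref the cache held before replacing the queue. */
static void set_request_fixed(model_queue **cached, const model_queue *oom) {
    if (*cached == oom) {
        model_put_queue(*cached);
        *cached = model_get_queue();
    }
}

/* Run 'rounds' requests that each find the oom queue cached; return leaked refs. */
static int leaked_oom_refs(int leaky, int rounds) {
    model_queue oom = { .ref = 1, .is_oom = 1 };  /* base ref held by owner */
    for (int i = 0; i < rounds; i++) {
        model_queue *cached = &oom;
        oom.ref++;                          /* the cache takes its own ref */
        if (leaky)
            set_request_leaky(&cached, &oom);
        else
            set_request_fixed(&cached, &oom);
        model_put_queue(cached);            /* request done with new queue */
    }
    return oom.ref - 1;
}
```

With the leaky path every request that sees the oom queue adds one reference that is never dropped, which is the counter growth the commit message warns could eventually overflow.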