Commit 72961c4e authored by Jens Axboe's avatar Jens Axboe

bfq-iosched: ensure to clear bic/bfqq pointers when preparing request

Even if we don't have an IO context attached to a request, we still
need to clear the priv[0..1] pointers, as they could be pointing
to previously used bic/bfqq structures. If we don't do so, we'll
either corrupt memory on dispatching a request, or cause an
imbalance in counters.

Inspired by a fix from Kees.
Reported-by: default avatarOleksandr Natalenko <oleksandr@natalenko.name>
Reported-by: default avatarKees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Fixes: aee69d78 ("block, bfq: introduce the BFQ-v0 I/O scheduler as an extra scheduler")
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent f4560231
......@@ -4934,8 +4934,16 @@ static void bfq_prepare_request(struct request *rq, struct bio *bio)
bool new_queue = false;
bool bfqq_already_existing = false, split = false;
if (!rq->elv.icq)
/*
* Even if we don't have an icq attached, we should still clear
* the scheduler pointers, as they might point to previously
* allocated bic/bfqq structs.
*/
if (!rq->elv.icq) {
rq->elv.priv[0] = rq->elv.priv[1] = NULL;
return;
}
bic = icq_to_bic(rq->elv.icq);
spin_lock_irq(&bfqd->lock);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment