Revision 4faa3c8150c1d4f7b38d962eda7851083e218e3f authored by Fabio Checconi on 10 April 2008, 06:28:01 UTC, committed by Jens Axboe on 10 April 2008, 06:28:01 UTC
When switching scheduler from cfq, cfq_exit_queue() does not clear
ioc->ioc_data, leaving a dangling pointer that can deceive the following
lookups when the iosched is switched back to cfq. The pattern that can
trigger that is the following:
- elevator switch from cfq to something else;
- module unloading, with elv_unregister() that calls cfq_free_io_context()
on ioc freeing the cic (via the .trim op);
- module gets reloaded and the elevator switches back to cfq;
- reallocation of a cic at the same address as before (with a valid key).
To fix it just assign NULL to ioc_data in __cfq_exit_single_io_context(),
that is called from the regular exit path and from the elevator switching
code. The only path that frees a cic and is not covered is the error handling
one, but cic's freed in this way are never cached in ioc_data.
Signed-off-by: Fabio Checconi <fabio@gandalf.sssup.it>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
1 parent 8191ecd
| File | Mode | Size |
|---|---|---|
| Documentation | ||
| arch | ||
| block | ||
| crypto | ||
| drivers | ||
| fs | ||
| include | ||
| init | ||
| ipc | ||
| kernel | ||
| lib | ||
| mm | ||
| net | ||
| samples | ||
| scripts | ||
| security | ||
| sound | ||
| usr | ||
| virt | ||
| .gitignore | -rw-r--r-- | 644 bytes |
| .mailmap | -rw-r--r-- | 3.6 KB |
| COPYING | -rw-r--r-- | 18.3 KB |
| CREDITS | -rw-r--r-- | 90.4 KB |
| Kbuild | -rw-r--r-- | 1.6 KB |
| MAINTAINERS | -rw-r--r-- | 94.9 KB |
| Makefile | -rw-r--r-- | 52.8 KB |
| README | -rw-r--r-- | 16.5 KB |
| REPORTING-BUGS | -rw-r--r-- | 3.1 KB |
Computing file changes ...
