swh:1:snp:38ae39f9fd01a4b0ef06fab5668b65bf4c2aca03
Revision 5044eed48886b105a123333fe7ca97c6bd496120 authored by Jens Axboe on 25 April 2007, 09:53:48 UTC, committed by Linus Torvalds on 25 April 2007, 15:41:48 UTC
There's a really rare and obscure bug in CFQ, that causes a crash in
cfq_dispatch_insert() due to rq == NULL.  One example of the resulting
oops is seen here:

	http://lkml.org/lkml/2007/4/15/41

Neil correctly diagnosed the situation for how this can happen: if two
concurrent requests have the exact same sector number (due to direct IO
or aliasing between MD and the raw device access), the alias handling
will add the request to the sortlist, but next_rq remains NULL.

Read the more complete analysis at:

	http://lkml.org/lkml/2007/4/25/57

This looks like it requires md to trigger, even though it should
potentially be possible to do with O_DIRECT (at least if you edit the
kernel and doctor some of the unplug calls).

The fix is to move the ->next_rq update to when we add a request to the
rbtree. Then we remove the possibility for a request to exist in the
rbtree code, but not have ->next_rq correctly updated.

Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent a23cf14