authorMing Lei <ming.lei@canonical.com>2016-11-16 18:07:05 +0800
committerJens Axboe <axboe@fb.com>2016-11-16 08:09:51 -0700
commit0a6219a95f0b0690fb7094acb26002e7a4791197 (patch)
treef965302c4a95854447b360d0d6c41dabfc28171e /block
parent2868f13c303e1472bfd3941c62916c1f4128a713 (diff)
block: deal with stale req count of plug list
In both legacy and mq path, req count of plug list is computed before allocating request, so the number can be stale when falling back to slept allocation, also the new introduced wbt can sleep too. This patch deals with the case by checking if plug list becomes empty, and fixes the KASAN report of 'BUG: KASAN: stack-out-of-bounds' which is introduced by Shaohua's patches of dispatching big request. Fixes: 600271d900002(blk-mq: immediately dispatch big size request) Fixes: 50d24c34403c6(block: immediately dispatch big size request) Cc: Shaohua Li <shli@fb.com> Signed-off-by: Ming Lei <ming.lei@canonical.com> Signed-off-by: Jens Axboe <axboe@fb.com>
2 files changed, 11 insertions, 1 deletions
diff --git a/block/blk-core.c b/block/blk-core.c
index eea246567884..473dd698effd 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -1753,8 +1753,11 @@ get_rq:
* If this is the first request added after a plug, fire
* of a plug trace.
+ *
+ * @request_count may become stale because of schedule
+ * out, so check plug list again.
- if (!request_count)
+ if (!request_count || list_empty(&plug->list))
else {
struct request *last = list_entry_rq(plug->list.prev);
diff --git a/block/blk-mq.c b/block/blk-mq.c
index ae8df5ec20d3..f39e69c732cc 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -1497,6 +1497,13 @@ static blk_qc_t blk_sq_make_request(struct request_queue *q, struct bio *bio)
struct request *last = NULL;
blk_mq_bio_to_request(rq, bio);
+ /*
+ * @request_count may become stale because of schedule
+ * out, so check the list again.
+ */
+ if (list_empty(&plug->mq_list))
+ request_count = 0;
if (!request_count)