Date:   Mon, 19 Sep 2016 11:34:29 -0700
From:   Omar Sandoval <osandov@...ndov.com>
To:     Alexander Gordeev <agordeev@...hat.com>
Cc:     linux-kernel@...r.kernel.org, linux-block@...r.kernel.org
Subject: Re: [PATCH 02/14] blk-mq: Fix a potential NULL pointer assignment to hctx tags

On Sun, Sep 18, 2016 at 09:37:12AM +0200, Alexander Gordeev wrote:
> If number of used hardware queues is dynamically decreased
> then tags corresponding to the newly unused queues are freed.
> 
> If previously unused hardware queues are then reused again
> they will start referring the previously freed tags.
> 
> CC: linux-block@...r.kernel.org
> Signed-off-by: Alexander Gordeev <agordeev@...hat.com>
> ---
>  block/blk-mq.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/block/blk-mq.c b/block/blk-mq.c
> index 66505af7..7fa58fe 100644
> --- a/block/blk-mq.c
> +++ b/block/blk-mq.c
> @@ -1995,6 +1995,8 @@ static void blk_mq_realloc_hw_ctxs(struct blk_mq_tag_set *set,
>  
>  		if (hctxs[i])
>  			continue;
> +		if (!set->tags[i])
> +			break;
>  
>  		node = blk_mq_hw_queue_to_node(q->mq_map, i);
>  		hctxs[i] = kzalloc_node(sizeof(struct blk_mq_hw_ctx),
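Review bot: the new `break` at `if (!set->tags[i])` abandons the rest of the loop rather than just this index, so any later hardware queue whose tags are still allocated also goes without an hctx; if only queues whose tags were freed are meant to be skipped, `continue` matches the `if (hctxs[i]) continue;` pattern two lines above, and the commit message should state which behaviour is intended and why stopping early is safe. A one-line comment at the check saying when `set->tags[i]` can be NULL here (tags freed after the hardware queue count shrank, per the description) would also help the next reader of this function.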

In blk_mq_map_swqueue(), we have:

		/* unmapped hw queue can be remapped after CPU topo changed */
		if (!set->tags[i])
			set->tags[i] = blk_mq_init_rq_map(set, i);
		hctx->tags = set->tags[i];
		WARN_ON(!hctx->tags);

blk_mq_map_swqueue() is called from blk_mq_queue_reinit(), which we call
from blk_mq_update_nr_hw_queues(). Is that not enough? This
initialization/resizing is a bit of a twisty maze and it's hard to
convince myself that it's all correct, so cleanup here is probably
valuable.

-- 
Omar
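The lifecycle under discussion (tags freed when the hardware queue count shrinks, a NULL slot re-initialized lazily when the queue is reused) can be modelled outside the kernel. The following is an added example, not kernel code and not from either participant in this thread; every identifier ending in `_model` is hypothetical and stands in for the kernel structure or function named in its comment. It shows why clearing the freed slot plus the lazy re-initialization quoted from `blk_mq_map_swqueue()` leaves no hctx pointing at freed tags, and what the `WARN_ON(!hctx->tags)` path would see if that re-initialization were missing.

```c
/* Toy model (added example, not kernel code) of a blk-mq style tag set
 * surviving a shrink/regrow of the hardware queue count. All *_model
 * identifiers are hypothetical stand-ins for the kernel names in comments. */
#include <stdbool.h>
#include <stdlib.h>

#define MAX_HW_QUEUES 8

struct tags_model {
    int queue_index;
    int generation;            /* constructed: counts (re)allocations */
};

struct tag_set_model {
    int nr_hw_queues;                        /* mirrors set->nr_hw_queues */
    struct tags_model *tags[MAX_HW_QUEUES];  /* mirrors set->tags[] */
};

struct hctx_model {
    struct tags_model *tags;                 /* mirrors hctx->tags */
};

static int alloc_generation;

/* Stands in for blk_mq_init_rq_map(set, i). */
static struct tags_model *init_rq_map_model(int i)
{
    struct tags_model *t = calloc(1, sizeof(*t));
    if (!t)
        return NULL;
    t->queue_index = i;
    t->generation = ++alloc_generation;
    return t;
}

/* Stands in for the shrink side of blk_mq_update_nr_hw_queues(): tags of
 * queues that fall out of use are freed and their slots cleared, so reusing
 * the index later cannot pick up a dangling pointer. Growing leaves the new
 * slots NULL; they are filled lazily by the remap below. */
static void update_nr_hw_queues_model(struct tag_set_model *set, int nr)
{
    if (nr > MAX_HW_QUEUES)
        nr = MAX_HW_QUEUES;
    for (int i = nr; i < set->nr_hw_queues; i++) {
        free(set->tags[i]);
        set->tags[i] = NULL;
    }
    set->nr_hw_queues = nr;
}

/* Stands in for the loop quoted from blk_mq_map_swqueue(): an unmapped hw
 * queue can be remapped, so a NULL slot is re-initialized before hctx->tags
 * is assigned when reinit_missing is set. Returns false wherever the kernel
 * would hit WARN_ON(!hctx->tags). */
static bool map_swqueue_model(struct tag_set_model *set,
                              struct hctx_model *hctxs, bool reinit_missing)
{
    bool ok = true;

    for (int i = 0; i < set->nr_hw_queues; i++) {
        if (!set->tags[i] && reinit_missing)
            set->tags[i] = init_rq_map_model(i);
        hctxs[i].tags = set->tags[i];
        if (!hctxs[i].tags)
            ok = false;
    }
    return ok;
}

/* Scenario: 4 hw queues, shrink to 2, grow back to 4, remap. Returns the
 * allocation generation of queue q's tags afterwards, or -1 if q is out of
 * range or the remap failed. Queues 0 and 1 keep their original tags
 * (generations 1 and 2); queues 2 and 3 get fresh ones (5 and 6), so the
 * stale pointers left in hctxs[2..3] by the shrink are overwritten. */
int tag_generation_after_resize_model(int q)
{
    struct tag_set_model set = { 0 };
    struct hctx_model hctxs[MAX_HW_QUEUES] = { { 0 } };
    int gen = -1;

    alloc_generation = 0;
    update_nr_hw_queues_model(&set, 4);
    if (!map_swqueue_model(&set, hctxs, true))
        goto out;
    update_nr_hw_queues_model(&set, 2);   /* frees tags[2], tags[3] */
    update_nr_hw_queues_model(&set, 4);   /* slots 2 and 3 are now NULL */
    if (!map_swqueue_model(&set, hctxs, true))
        goto out;
    if (q >= 0 && q < set.nr_hw_queues && hctxs[q].tags == set.tags[q])
        gen = hctxs[q].tags->generation;
out:
    update_nr_hw_queues_model(&set, 0);   /* free everything */
    return gen;
}

/* Same shrink/regrow with the lazy re-initialization disabled: returns true
 * if a regrown queue would reach WARN_ON(!hctx->tags) with a NULL pointer. */
bool remap_without_reinit_warns_model(void)
{
    struct tag_set_model set = { 0 };
    struct hctx_model hctxs[MAX_HW_QUEUES] = { { 0 } };
    bool warned;

    alloc_generation = 0;
    update_nr_hw_queues_model(&set, 4);
    map_swqueue_model(&set, hctxs, true);
    update_nr_hw_queues_model(&set, 2);
    update_nr_hw_queues_model(&set, 4);
    warned = !map_swqueue_model(&set, hctxs, false);
    update_nr_hw_queues_model(&set, 0);
    return warned;
}
```

The model deliberately keeps the stale `hctx->tags` pointers in place across the shrink, as the patch description says the kernel does; what prevents them from being used is that the slot in `set->tags[]` is cleared and the remap assigns `hctx->tags` from the (re-initialized) slot rather than trusting the old hctx value.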
