block: deal with stale req count of plug list
authorMing Lei <ming.lei@canonical.com>
Wed, 16 Nov 2016 10:07:05 +0000 (18:07 +0800)
committerJens Axboe <axboe@fb.com>
Wed, 16 Nov 2016 15:09:51 +0000 (08:09 -0700)
In both legacy and mq path, req count of plug list is computed
before allocating request, so the number can be stale when falling
back to slept allocation, also the new introduced wbt can sleep
too.

This patch deals with the case by checking if plug list becomes
empty, and fixes the KASAN report of 'BUG: KASAN: stack-out-of-bounds'
which is introduced by Shaohua's patches of dispatching big request.

Fixes: 600271d900002(blk-mq: immediately dispatch big size request)
Fixes: 50d24c34403c6(block: immediately dispatch big size request)
Cc: Shaohua Li <shli@fb.com>
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
block/blk-core.c
block/blk-mq.c

index eea246567884bc37d45d40fe75ba60bbfc12221b..473dd698effdb8c414ac52f1cb442db58d148238 100644 (file)
@@ -1753,8 +1753,11 @@ get_rq:
                /*
                 * If this is the first request added after a plug, fire
                 * of a plug trace.
+                *
+                * @request_count may become stale because of schedule
+                * out, so check plug list again.
                 */
-               if (!request_count)
+               if (!request_count || list_empty(&plug->list))
                        trace_block_plug(q);
                else {
                        struct request *last = list_entry_rq(plug->list.prev);
index ae8df5ec20d3860663bad8bdd2ef271f8eadc491..f39e69c732cc628c7fa54802160a2c495b28e87d 100644 (file)
@@ -1497,6 +1497,13 @@ static blk_qc_t blk_sq_make_request(struct request_queue *q, struct bio *bio)
                struct request *last = NULL;
 
                blk_mq_bio_to_request(rq, bio);
+
+               /*
+                * @request_count may become stale because of schedule
+                * out, so check the list again.
+                */
+               if (list_empty(&plug->mq_list))
+                       request_count = 0;
                if (!request_count)
                        trace_block_plug(q);
                else