block, bfq: use pointer entity->sched_data only if set
authorPaolo Valente <paolo.valente@linaro.org>
Tue, 9 May 2017 09:37:27 +0000 (11:37 +0200)
committerJens Axboe <axboe@fb.com>
Wed, 10 May 2017 13:39:43 +0000 (07:39 -0600)
In the function __bfq_deactivate_entity, the pointer
entity->sched_data could happen to be used before being properly
initialized. This led to a NULL pointer dereference. This commit fixes
this bug by just using this pointer only where it is safe to do so.

Reported-by: Tom Harrison <l12436.tw@gmail.com>
Tested-by: Tom Harrison <l12436.tw@gmail.com>
Signed-off-by: Paolo Valente <paolo.valente@linaro.org>
Signed-off-by: Jens Axboe <axboe@fb.com>
block/bfq-wf2q.c

index b4fc3e4260b71f91ee8e989ddf9b09b0d7986a13..8726ede19eef2c632a8e53d2bc340a7cae832e6e 100644 (file)
@@ -1114,12 +1114,21 @@ static void bfq_activate_requeue_entity(struct bfq_entity *entity,
 bool __bfq_deactivate_entity(struct bfq_entity *entity, bool ins_into_idle_tree)
 {
        struct bfq_sched_data *sd = entity->sched_data;
-       struct bfq_service_tree *st = bfq_entity_service_tree(entity);
-       int is_in_service = entity == sd->in_service_entity;
+       struct bfq_service_tree *st;
+       bool is_in_service;
 
        if (!entity->on_st) /* entity never activated, or already inactive */
                return false;
 
+       /*
+        * If we get here, then entity is active, which implies that
+        * bfq_group_set_parent has already been invoked for the group
+        * represented by entity. Therefore, the field
+        * entity->sched_data has been set, and we can safely use it.
+        */
+       st = bfq_entity_service_tree(entity);
+       is_in_service = entity == sd->in_service_entity;
+
        if (is_in_service)
                bfq_calc_finish(entity, entity->service);