Commit 0a6219a9 authored by Ming Lei's avatar Ming Lei Committed by Jens Axboe

block: deal with stale req count of plug list

In both legacy and mq path, req count of plug list is computed
before allocating request, so the number can be stale when falling
back to slept allocation, also the new introduced wbt can sleep
too.

This patch deals with the case by checking if plug list becomes
empty, and fixes the KASAN report of 'BUG: KASAN: stack-out-of-bounds'
which is introduced by Shaohua's patches of dispatching big request.

Fixes: 600271d9(blk-mq: immediately dispatch big size request)
Fixes: 50d24c34(block: immediately dispatch big size request)
Cc: Shaohua Li <shli@fb.com>
Signed-off-by: default avatarMing Lei <ming.lei@canonical.com>
Signed-off-by: default avatarJens Axboe <axboe@fb.com>
parent 2868f13c
...@@ -1753,8 +1753,11 @@ static blk_qc_t blk_queue_bio(struct request_queue *q, struct bio *bio) ...@@ -1753,8 +1753,11 @@ static blk_qc_t blk_queue_bio(struct request_queue *q, struct bio *bio)
/* /*
* If this is the first request added after a plug, fire * If this is the first request added after a plug, fire
* of a plug trace. * of a plug trace.
*
* @request_count may become stale because of schedule
* out, so check plug list again.
*/ */
if (!request_count) if (!request_count || list_empty(&plug->list))
trace_block_plug(q); trace_block_plug(q);
else { else {
struct request *last = list_entry_rq(plug->list.prev); struct request *last = list_entry_rq(plug->list.prev);
......
...@@ -1497,6 +1497,13 @@ static blk_qc_t blk_sq_make_request(struct request_queue *q, struct bio *bio) ...@@ -1497,6 +1497,13 @@ static blk_qc_t blk_sq_make_request(struct request_queue *q, struct bio *bio)
struct request *last = NULL; struct request *last = NULL;
blk_mq_bio_to_request(rq, bio); blk_mq_bio_to_request(rq, bio);
/*
* @request_count may become stale because of schedule
* out, so check the list again.
*/
if (list_empty(&plug->mq_list))
request_count = 0;
if (!request_count) if (!request_count)
trace_block_plug(q); trace_block_plug(q);
else else
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment