• Jianpeng Ma's avatar
    elevator: Fix a race in elevator switching · d50235b7
    Jianpeng Ma authored
    There's a race between elevator switching and normal io operation.
        Because the allocation of struct elevator_queue and struct elevator_data
        don't in a atomic operation.So there are have chance to use NULL
        ->elevator_data.
        For example:
            Thread A:                               Thread B
            blk_queu_bio                            elevator_switch
            spin_lock_irq(q->queue_block)           elevator_alloc
            elv_merge                               elevator_init_fn
    
        Because call elevator_alloc, it can't hold queue_lock and the
        ->elevator_data is NULL.So at the same time, threadA call elv_merge and
        nedd some info of elevator_data.So the crash happened.
    
        Move the elevator_alloc into func elevator_init_fn, it make the
        operations in a atomic operation.
    
        Using the follow method can easy reproduce this bug
        1:dd if=/dev/sdb of=/dev/null
        2:while true;do echo noop > scheduler;echo deadline > scheduler;done
    
        The test method also use this method.
    Signed-off-by: default avatarJianpeng Ma <majianpeng@gmail.com>
    Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
    d50235b7
cfq-iosched.c 120 KB