PKGBUILDs/core/linux-kirkwood/0001-block-bfq-attempt-to-fix-use-after-free-which-3.3.0-to-3.8.0.patch


From 599be431332e31a25ebe203155fa18d34781c3d3 Mon Sep 17 00:00:00 2001
From: Arianna Avanzini <avanzini.arianna@gmail.com>
Date: Tue, 5 Mar 2013 10:41:49 +0100
Subject: [PATCH] block, bfq: attempt to fix use-after-free which affects SLUB
behavior (3.3.0 to 3.8.0)
It may happen that a call to bfq_del_bfqq_busy() puts the last
reference taken on a queue and frees it. Subsequent accesses to that
same queue would result in a use-after-free. Make sure that a queue
that has just been deleted from busy is no longer touched.
---
block/bfq-iosched.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c
index 9378b7d..e9a6514 100644
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -1244,14 +1244,23 @@ static void __bfq_bfqq_expire(struct bfq_data *bfqd, struct bfq_queue *bfqq)
__bfq_bfqd_reset_active(bfqd);
+ /*
+ * If this bfqq is shared between multiple processes, check
+ * to make sure that those processes are still issuing I/Os
+ * within the mean seek distance. If not, it may be time to
+ * break the queues apart again.
+ */
+ if (bfq_bfqq_coop(bfqq) && BFQQ_SEEKY(bfqq))
+ bfq_mark_bfqq_split_coop(bfqq);
+
if (RB_EMPTY_ROOT(&bfqq->sort_list)) {
- bfq_del_bfqq_busy(bfqd, bfqq, 1);
/*
* overloading budget_timeout field to store when
* the queue remains with no backlog, used by
* the weight-raising mechanism
*/
bfqq->budget_timeout = jiffies ;
+ bfq_del_bfqq_busy(bfqd, bfqq, 1);
} else {
bfq_activate_bfqq(bfqd, bfqq);
/*
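Review bot: the reordering of `bfq_del_bfqq_busy(bfqd, bfqq, 1);` to the end of the `RB_EMPTY_ROOT` branch is the actual fix, because the old order wrote `bfqq->budget_timeout = jiffies;` after the call that may have dropped the last reference, but nothing at the new call site records that constraint. Add a short comment above the moved call stating that bfq_del_bfqq_busy() may free bfqq and must therefore stay the last statement that touches it, otherwise a later edit can reintroduce the same bug. The coop/seeky check moved to the top of the region now also runs before `bfq_activate_bfqq(bfqd, bfqq);` in the else branch, which is a small ordering change relative to the original code; it would help to state in the commit message that this relocation is intentional and that setting the split_coop flag before activation is harmless.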
@@ -1259,15 +1268,6 @@ static void __bfq_bfqq_expire(struct bfq_data *bfqd, struct bfq_queue *bfqq)
*/
bfq_rq_pos_tree_add(bfqd, bfqq);
}
-
- /*
- * If this bfqq is shared between multiple processes, check
- * to make sure that those processes are still issuing I/Os
- * within the mean seek distance. If not, it may be time to
- * break the queues apart again.
- */
- if (bfq_bfqq_coop(bfqq) && BFQQ_SEEKY(bfqq))
- bfq_mark_bfqq_split_coop(bfqq);
}
/**
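Review bot: removing this trailing block is correct because in the old layout `bfq_bfqq_coop(bfqq)` and `BFQQ_SEEKY(bfqq)` dereferenced bfqq after `bfq_del_bfqq_busy()` could have freed it, so this check was a second post-free access in addition to the budget_timeout write. The commit message only mentions the generic "subsequent accesses"; naming both sites (the budget_timeout assignment and this coop check) would make the fix easier to verify and backport to the affected 3.3.0 to 3.8.0 range.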
--
1.8.1.4