From patchwork Tue May 9 09:37:27 2017
X-Patchwork-Submitter: Paolo Valente
X-Patchwork-Id: 9717457
From: Paolo Valente
To: Jens Axboe
Cc: linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, ulf.hansson@linaro.org, linus.walleij@linaro.org, broonie@kernel.org, Paolo Valente
Subject: [PATCH BUGFIX] block, bfq: use pointer entity->sched_data only if set
Date: Tue, 9 May 2017 11:37:27 +0200
Message-Id: <20170509093727.2595-1-paolo.valente@linaro.org>
X-Mailing-List: linux-block@vger.kernel.org

In the function __bfq_deactivate_entity, the pointer entity->sched_data could happen to be used before being properly initialized. This led to a NULL pointer dereference. This commit fixes this bug by just using this pointer only where it is safe to do so.

Reported-by: Tom Harrison
Tested-by: Tom Harrison
Signed-off-by: Paolo Valente
--- block/bfq-wf2q.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/block/bfq-wf2q.c b/block/bfq-wf2q.c index b4fc3e4..8726ede 100644 
--- a/block/bfq-wf2q.c +++ b/block/bfq-wf2q.c @@ -1114,12 +1114,21 @@ static void bfq_activate_requeue_entity(struct bfq_entity *entity, bool __bfq_deactivate_entity(struct bfq_entity *entity, bool ins_into_idle_tree) { struct bfq_sched_data *sd = entity->sched_data; - struct bfq_service_tree *st = bfq_entity_service_tree(entity); - int is_in_service = entity == sd->in_service_entity; + struct bfq_service_tree *st; + bool is_in_service; if (!entity->on_st) /* entity never activated, or already inactive */ return false; + /* + * If we get here, then entity is active, which implies that + * bfq_group_set_parent has already been invoked for the group + * represented by entity. Therefore, the field + * entity->sched_data has been set, and we can safely use it. + */ + st = bfq_entity_service_tree(entity); + is_in_service = entity == sd->in_service_entity; + if (is_in_service) bfq_calc_finish(entity, entity->service);
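
Review bot: in __bfq_deactivate_entity, the declaration `struct bfq_sched_data *sd = entity->sched_data;` still sits above the `if (!entity->on_st)` early return, while the two statements that actually dereference the pointer (`bfq_entity_service_tree(entity)` and `sd->in_service_entity`) have moved below it. The load itself is harmless, but leaving the initializer at the top invites a later edit to use `sd` before the check; consider declaring `sd` uninitialized and assigning it next to `st` and `is_in_service`, so that every read of entity->sched_data sits after the guard. The guarantee that on_st implies a valid sched_data lives only in the new comment, and that comment argues from bfq_group_set_parent and "the group represented by entity", while the function takes a generic struct bfq_entity; it would help to state why the same holds for entities that do not represent a group, or to back the invariant with a cheap runtime assertion. The change of is_in_service from int to bool is not mentioned in the commit message and deserves a word there.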