Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4a0b75c7 authored by Shaohua Li's avatar Shaohua Li Committed by Jens Axboe
Browse files

block, cfq: fix empty queue crash caused by request merge 



All requests of a queue could be merged to other requests of other queue.
Such queue will not have request in it, but it's in service tree. This
will cause kernel oops.
I encounter a BUG_ON() in cfq_dispatch_request() with next patch, but the
issue should exist without the patch.

Signed-off-by: default avatarShaohua Li <shaohua.li@intel.com>
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent f1f8cc94

block/cfq-iosched.c

+12 −0
Original line number Original line Diff line number Diff line
@@ -1656,6 +1656,8 @@ cfq_merged_requests(struct request_queue *q, struct request *rq, 
		    struct request *next)

		    struct request *next)

{

{

	struct cfq_queue *cfqq = RQ_CFQQ(rq);

	struct cfq_queue *cfqq = RQ_CFQQ(rq);

	struct cfq_data *cfqd = q->elevator->elevator_data;



	/*

	/*

	 * reposition in fifo if next is older than rq

	 * reposition in fifo if next is older than rq

	 */

	 */
@@ -1670,6 +1672,16 @@ cfq_merged_requests(struct request_queue *q, struct request *rq, 
	cfq_remove_request(next);

	cfq_remove_request(next);

	cfq_blkiocg_update_io_merged_stats(&(RQ_CFQG(rq))->blkg,

	cfq_blkiocg_update_io_merged_stats(&(RQ_CFQG(rq))->blkg,

					rq_data_dir(next), rq_is_sync(next));

					rq_data_dir(next), rq_is_sync(next));



	cfqq = RQ_CFQQ(next);

	/*

	 * all requests of this queue are merged to other queues, delete it

	 * from the service tree. If it's the active_queue,

	 * cfq_dispatch_requests() will choose to expire it or do idle

	 */

	if (cfq_cfqq_on_rr(cfqq) && RB_EMPTY_ROOT(&cfqq->sort_list) &&

	    cfqq != cfqd->active_queue)

		cfq_del_cfqq_rr(cfqd, cfqq);

}

}





static int cfq_allow_merge(struct request_queue *q, struct request *rq,

static int cfq_allow_merge(struct request_queue *q, struct request *rq,