Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 553698f9 authored by Jens Axboe's avatar Jens Axboe Committed by Linus Torvalds
Browse files

[PATCH] cfq-iosched: fix crash in do_div() 



We don't clear the seek stat values in cfq_alloc_io_context(), and if
->seek_mean is unlucky enough to be set to -36 by chance, the first
invocation of cfq_update_io_seektime() will oops with a divide by zero
in do_div().

Just memset the entire cic instead of filling invididual values
independently.

Signed-off-by: default avatarJens Axboe <axboe@suse.de>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 9cedc194

block/cfq-iosched.c

+3 −8
Original line number Diff line number Diff line
@@ -1323,17 +1323,12 @@ cfq_alloc_io_context(struct cfq_data *cfqd, gfp_t gfp_mask) 
	struct cfq_io_context *cic = kmem_cache_alloc(cfq_ioc_pool, gfp_mask);



	if (cic) {

		RB_CLEAR(&cic->rb_node);

		cic->key = NULL;

		cic->cfqq[ASYNC] = NULL;

		cic->cfqq[SYNC] = NULL;

		memset(cic, 0, sizeof(*cic));

		RB_CLEAR_COLOR(&cic->rb_node);

		cic->last_end_request = jiffies;

		cic->ttime_total = 0;

		cic->ttime_samples = 0;

		cic->ttime_mean = 0;

		INIT_LIST_HEAD(&cic->queue_list);

		cic->dtor = cfq_free_io_context;

		cic->exit = cfq_exit_io_context;

		INIT_LIST_HEAD(&cic->queue_list);

		atomic_inc(&ioc_count);

	}