tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'block-6.2-2023-02-03' of git://git.kernel.dk/linux

Pull block fixes from Jens Axboe:
"A bit bigger than I'd like at this point, but mostly a bunch of little
fixes. In detail:

- NVMe pull request via Christoph:
- Fix a missing queue put in nvmet_fc_ls_create_association
(Amit Engel)
- Clear queue pointers on tag_set initialization failure
(Maurizio Lombardi)
- Use workqueue dedicated to authentication (Shin'ichiro
Kawasaki)

- Fix for an overflow in ublk (Liu)

- Fix for leaking a queue reference in block cgroups (Ming)

- Fix for a use-after-free in BFQ (Yu)"

* tag 'block-6.2-2023-02-03' of git://git.kernel.dk/linux:
blk-cgroup: don't update io stat for root cgroup
nvme-auth: use workqueue dedicated to authentication
nvme: clear the request_queue pointers on failure in nvme_alloc_io_tag_set
nvme: clear the request_queue pointers on failure in nvme_alloc_admin_tag_set
nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association
block: Fix the blk_mq_destroy_queue() documentation
block: ublk: extending queue_size to fix overflow
block, bfq: fix uaf for bfqq in bic_set_bfqq()

Linus Torvalds 0136d86b 7b753a90

+31 -9
+1 -1
block/bfq-cgroup.c
··· 769 769 * request from the old cgroup. 770 770 */ 771 771 bfq_put_cooperator(sync_bfqq); 772 - bfq_release_process_ref(bfqd, sync_bfqq); 773 772 bic_set_bfqq(bic, NULL, true); 773 + bfq_release_process_ref(bfqd, sync_bfqq); 774 774 } 775 775 } 776 776 }
+3 -1
block/bfq-iosched.c
··· 5425 5425 5426 5426 bfqq = bic_to_bfqq(bic, false); 5427 5427 if (bfqq) { 5428 - bfq_release_process_ref(bfqd, bfqq); 5428 + struct bfq_queue *old_bfqq = bfqq; 5429 + 5429 5430 bfqq = bfq_get_queue(bfqd, bio, false, bic, true); 5430 5431 bic_set_bfqq(bic, bfqq, false); 5432 + bfq_release_process_ref(bfqd, old_bfqq); 5431 5433 } 5432 5434 5433 5435 bfqq = bic_to_bfqq(bic, true);
+4
block/blk-cgroup.c
··· 2001 2001 struct blkg_iostat_set *bis; 2002 2002 unsigned long flags; 2003 2003 2004 + /* Root-level stats are sourced from system-wide IO stats */ 2005 + if (!cgroup_parent(blkcg->css.cgroup)) 2006 + return; 2007 + 2004 2008 cpu = get_cpu(); 2005 2009 bis = per_cpu_ptr(bio->bi_blkg->iostat_cpu, cpu); 2006 2010 flags = u64_stats_update_begin_irqsave(&bis->sync);
+3 -2
block/blk-mq.c
··· 4069 4069 * blk_mq_destroy_queue - shutdown a request queue 4070 4070 * @q: request queue to shutdown 4071 4071 * 4072 - * This shuts down a request queue allocated by blk_mq_init_queue() and drops 4073 - * the initial reference. All future requests will failed with -ENODEV. 4072 + * This shuts down a request queue allocated by blk_mq_init_queue(). All future 4073 + * requests will be failed with -ENODEV. The caller is responsible for dropping 4074 + * the reference from blk_mq_init_queue() by calling blk_put_queue(). 4074 4075 * 4075 4076 * Context: can sleep 4076 4077 */
+1 -1
drivers/block/ublk_drv.c
··· 137 137 138 138 char *__queues; 139 139 140 - unsigned short queue_size; 140 + unsigned int queue_size; 141 141 struct ublksrv_ctrl_dev_info dev_info; 142 142 143 143 struct blk_mq_tag_set tag_set;
+12 -2
drivers/nvme/host/auth.c
··· 45 45 int sess_key_len; 46 46 }; 47 47 48 + struct workqueue_struct *nvme_auth_wq; 49 + 48 50 #define nvme_auth_flags_from_qid(qid) \ 49 51 (qid == 0) ? 0 : BLK_MQ_REQ_NOWAIT | BLK_MQ_REQ_RESERVED 50 52 #define nvme_auth_queue_from_qid(ctrl, qid) \ ··· 868 866 869 867 chap = &ctrl->dhchap_ctxs[qid]; 870 868 cancel_work_sync(&chap->auth_work); 871 - queue_work(nvme_wq, &chap->auth_work); 869 + queue_work(nvme_auth_wq, &chap->auth_work); 872 870 return 0; 873 871 } 874 872 EXPORT_SYMBOL_GPL(nvme_auth_negotiate); ··· 1010 1008 1011 1009 int __init nvme_init_auth(void) 1012 1010 { 1011 + nvme_auth_wq = alloc_workqueue("nvme-auth-wq", 1012 + WQ_UNBOUND | WQ_MEM_RECLAIM | WQ_SYSFS, 0); 1013 + if (!nvme_auth_wq) 1014 + return -ENOMEM; 1015 + 1013 1016 nvme_chap_buf_cache = kmem_cache_create("nvme-chap-buf-cache", 1014 1017 CHAP_BUF_SIZE, 0, SLAB_HWCACHE_ALIGN, NULL); 1015 1018 if (!nvme_chap_buf_cache) 1016 - return -ENOMEM; 1019 + goto err_destroy_workqueue; 1017 1020 1018 1021 nvme_chap_buf_pool = mempool_create(16, mempool_alloc_slab, 1019 1022 mempool_free_slab, nvme_chap_buf_cache); ··· 1028 1021 return 0; 1029 1022 err_destroy_chap_buf_cache: 1030 1023 kmem_cache_destroy(nvme_chap_buf_cache); 1024 + err_destroy_workqueue: 1025 + destroy_workqueue(nvme_auth_wq); 1031 1026 return -ENOMEM; 1032 1027 } 1033 1028 ··· 1037 1028 { 1038 1029 mempool_destroy(nvme_chap_buf_pool); 1039 1030 kmem_cache_destroy(nvme_chap_buf_cache); 1031 + destroy_workqueue(nvme_auth_wq); 1040 1032 }
+4 -1
drivers/nvme/host/core.c
··· 4921 4921 blk_mq_destroy_queue(ctrl->admin_q); 4922 4922 blk_put_queue(ctrl->admin_q); 4923 4923 out_free_tagset: 4924 - blk_mq_free_tag_set(ctrl->admin_tagset); 4924 + blk_mq_free_tag_set(set); 4925 + ctrl->admin_q = NULL; 4926 + ctrl->fabrics_q = NULL; 4925 4927 return ret; 4926 4928 } 4927 4929 EXPORT_SYMBOL_GPL(nvme_alloc_admin_tag_set); ··· 4985 4983 4986 4984 out_free_tag_set: 4987 4985 blk_mq_free_tag_set(set); 4986 + ctrl->connect_q = NULL; 4988 4987 return ret; 4989 4988 } 4990 4989 EXPORT_SYMBOL_GPL(nvme_alloc_io_tag_set);
+3 -1
drivers/nvme/target/fc.c
··· 1685 1685 else { 1686 1686 queue = nvmet_fc_alloc_target_queue(iod->assoc, 0, 1687 1687 be16_to_cpu(rqst->assoc_cmd.sqsize)); 1688 - if (!queue) 1688 + if (!queue) { 1689 1689 ret = VERR_QUEUE_ALLOC_FAIL; 1690 + nvmet_fc_tgt_a_put(iod->assoc); 1691 + } 1690 1692 } 1691 1693 } 1692 1694