From patchwork Tue May 9 09:37:27 2017
X-Patchwork-Submitter: Paolo Valente
X-Patchwork-Id: 98888
From: Paolo Valente
To: Jens Axboe
Cc: linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, ulf.hansson@linaro.org, linus.walleij@linaro.org, broonie@kernel.org, Paolo Valente
Subject: [PATCH BUGFIX] block, bfq: use pointer entity->sched_data only if set
Date: Tue, 9 May 2017 11:37:27 +0200
Message-Id: <20170509093727.2595-1-paolo.valente@linaro.org>

In the function __bfq_deactivate_entity, the pointer entity->sched_data could happen to be used before being properly initialized. This led to a NULL pointer dereference. This commit fixes this bug by just using this pointer only where it is safe to do so.

Reported-by: Tom Harrison
Tested-by: Tom Harrison
Signed-off-by: Paolo Valente

--- block/bfq-wf2q.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) -- 2.10.0 diff --git a/block/bfq-wf2q.c b/block/bfq-wf2q.c index b4fc3e4..8726ede 100644 --- a/block/bfq-wf2q.c +++ b/block/bfq-wf2q.c
@@ -1114,12 +1114,21 @@ static void bfq_activate_requeue_entity(struct bfq_entity *entity, bool __bfq_deactivate_entity(struct bfq_entity *entity, bool ins_into_idle_tree) { struct bfq_sched_data *sd = entity->sched_data; - struct bfq_service_tree *st = bfq_entity_service_tree(entity); - int is_in_service = entity == sd->in_service_entity; + struct bfq_service_tree *st; + bool is_in_service; if (!entity->on_st) /* entity never activated, or already inactive */ return false; + /* + * If we get here, then entity is active, which implies that + * bfq_group_set_parent has already been invoked for the group + * represented by entity. Therefore, the field + * entity->sched_data has been set, and we can safely use it. + */ + st = bfq_entity_service_tree(entity); + is_in_service = entity == sd->in_service_entity; + if (is_in_service) bfq_calc_finish(entity, entity->service);
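
Review bot: the declaration "struct bfq_sched_data *sd = entity->sched_data;" at the top of __bfq_deactivate_entity still loads the pointer above the "if (!entity->on_st)" check, so the guarantee in the new comment covers where sd is dereferenced but not where it is read. Copying a possibly unset pointer is harmless by itself, but moving that assignment down next to "st = bfq_entity_service_tree(entity);" would put every use of entity->sched_data behind the same guard and make it harder for a later edit to dereference sd above the early return. The invariant that on_st implies sched_data is set lives only in the comment; a WARN_ON_ONCE(!sd) after the early return would turn a violated assumption into a diagnosable warning rather than another NULL pointer dereference. The change of is_in_service from int to bool is unrelated to the fix and deserves a mention in the commit message.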