[PATCH 02/21] blk-mq: Fix a potential NULL pointer assignment to hctx tags

From: Alexander Gordeev
Date: Fri Sep 16 2016 - 04:52:20 EST


If the number of used hardware queues is dynamically decreased,
then tags corresponding to the newly unused queues are freed.

If previously unused hardware queues are then reused again,
they will start referring to the previously freed tags.

CC: Jens Axboe <axboe@xxxxxx>
CC: linux-nvme@xxxxxxxxxxxxxxxxxxx
Signed-off-by: Alexander Gordeev <agordeev@xxxxxxxxxx>
---
block/blk-mq.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/block/blk-mq.c b/block/blk-mq.c
index 90e3fef..1cacf83 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -2005,6 +2005,8 @@ static void blk_mq_realloc_hw_ctxs(struct blk_mq_tag_set *set,

if (hctxs[i])
continue;
+ if (!set->tags[i])
+ break;

node = blk_mq_hw_queue_to_node(q->mq_map, i);
hctxs[i] = kzalloc_node(sizeof(struct blk_mq_hw_ctx),
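
Review bot: The added "if (!set->tags[i]) break;" ends the whole loop at the first index that has no tags, so any later index that does have tags is left without a hardware context, and nothing in the hunk says why break is correct here rather than continue. If the intent is that tags are always populated contiguously from index 0, please say so in a comment above the check. The check also only helps if the path that frees the tags resets set->tags[i] to NULL. That path is not part of this hunk, so the changelog should name where that happens. Finally, the subject speaks of a NULL pointer assignment while the changelog describes reuse of freed tags, so it would help to state which of the two the check prevents.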
--
1.8.3.1