blk-throttle: fix null pointer dereference while throttling writeback IOs
author Jiufei Xue <jiufei.xjf@alibaba-inc.com>
Tue, 10 Oct 2017 03:13:32 +0000 (11:13 +0800)
committer Jens Axboe <axboe@kernel.dk>
Tue, 10 Oct 2017 19:09:34 +0000 (13:09 -0600)
commit 53cfdc10a95d03fbc82970d682a32696d19ef886
tree 1cd5d88450b9e3f6b741f3552348555b64376804
parent 58a9edce0aa912640abe47d3fc039e6230ef848b

A null pointer dereference can occur when blkcg is removed manually
with writeback IOs inflight. This is caused by the following case:

The writeback kworker submits the bio and sets bio->bi_cg_private to tg
in blk_throtl_assoc_bio.
Then we remove the block cgroup manually, the blkg and tg would be
freed if there is no request inflight.
When the submitted bio comes back, blk_throtl_bio_endio() fetches the tg
which was already freed.

Fix this by increasing the refcount of blkg in function
blk_throtl_assoc_bio() so that the blkg will not be freed until
bio_endio is called.

Reviewed-by: Shaohua Li <shli@fb.com>
Signed-off-by: Jiufei Xue <jiufei.xjf@alibaba-inc.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
block/blk-throttle.c
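
The object-lifetime problem described in the commit message, as an added userspace model in C (not code from this commit or from the kernel). All struct and function names are hypothetical stand-ins, a `released` flag stands in for the actual free so the model never touches freed memory, and it assumes the reference taken at association is dropped at completion.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only; names are hypothetical, not the kernel's structures. */
struct model_blkg {
    int refcnt;     /* references currently held on the group */
    bool released;  /* set when the last reference is dropped (stands in for the free) */
    int completed;  /* per-group state touched at bio completion */
};
struct model_bio {
    struct model_blkg *cg_private;  /* plays the role of bio->bi_cg_private */
};

static void blkg_get(struct model_blkg *g) { g->refcnt++; }
static void blkg_put(struct model_blkg *g)
{
    if (--g->refcnt == 0)
        g->released = true;
}

/* Submission path: store the group pointer in the bio.
 * take_ref == true models the fixed behaviour (pin the group). */
static void assoc_bio(struct model_bio *bio, struct model_blkg *g, bool take_ref)
{
    if (take_ref)
        blkg_get(g);
    bio->cg_private = g;
}

/* Completion path: returns false when the stored pointer refers to a group
 * that was already released, i.e. where the kernel would read freed memory. */
static bool bio_endio(struct model_bio *bio, bool holds_ref)
{
    struct model_blkg *g = bio->cg_private;
    if (g->released)
        return false;
    g->completed++;
    if (holds_ref)
        blkg_put(g);  /* assumed: the pin is dropped once completion is done */
    return true;
}

/* Replays the sequence from the commit message. Returns true only if the
 * completion saw a live group and the group was released afterwards. */
static bool run_sequence(bool fixed)
{
    struct model_blkg g = { .refcnt = 1 };  /* base reference held by the cgroup */
    struct model_bio bio = { 0 };
    assoc_bio(&bio, &g, fixed);  /* writeback kworker submits the bio */
    blkg_put(&g);                /* cgroup removed manually while the bio is inflight */
    return bio_endio(&bio, fixed) && g.released;
}

int main(void) { printf("unfixed=%d fixed=%d\n", run_sequence(false), run_sequence(true)); return 0; }
```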