linux/block
Fabio Checconi 4faa3c8150 cfq-iosched: do not leak ioc_data across iosched switches
When switching scheduler from cfq, cfq_exit_queue() does not clear
ioc->ioc_data, leaving a dangling pointer that can deceive the following
lookups when the iosched is switched back to cfq.  The pattern that can
trigger that is the following:

    - elevator switch from cfq to something else;
    - module unloading, with elv_unregister() that calls cfq_free_io_context()
      on ioc freeing the cic (via the .trim op);
    - module gets reloaded and the elevator switches back to cfq;
    - reallocation of a cic at the same address as before (with a valid key).

To fix it just assign NULL to ioc_data in __cfq_exit_single_io_context(),
that is called from the regular exit path and from the elevator switching
code.  The only path that frees a cic and is not covered is the error handling
one, but cic's freed in this way are never cached in ioc_data.

Signed-off-by: Fabio Checconi <fabio@gandalf.sssup.it>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
2008-04-10 08:28:01 +02:00
as-iosched.c block: kill swap_io_context() 2008-02-01 11:34:49 +01:00
blk-barrier.c block: fix blkdev_issue_flush() not detecting and passing EOPNOTSUPP back 2008-03-04 11:47:46 +01:00
blk-core.c unexport blk_{get,put}_queue 2008-03-04 11:28:32 +01:00
blk-exec.c block: make core bits checkpatch compliant 2008-02-01 09:26:33 +01:00
blk-ioc.c cfq-iosched: add hlist for browsing parallel to the radix tree 2008-02-19 10:04:00 +01:00
blk-map.c block: fix shadowed variable warning in blk-map.c 2008-03-04 11:31:22 +01:00
blk-merge.c block: restore the meaning of rq->data_len to the true data length 2008-03-04 11:17:11 +01:00
blk-settings.c Fix bounce setting for 64-bit 2008-04-02 09:06:44 +02:00
blk-sysfs.c block: make core bits checkpatch compliant 2008-02-01 09:26:33 +01:00
blk-tag.c block/blk-tag.c should #include "blk.h" 2008-03-04 11:28:24 +01:00
blk.h proper prototype for blk_dev_init() 2008-03-04 11:28:29 +01:00
blktrace.c
bsg.c block: restore the meaning of rq->data_len to the true data length 2008-03-04 11:17:11 +01:00
cfq-iosched.c cfq-iosched: do not leak ioc_data across iosched switches 2008-04-10 08:28:01 +02:00
compat_ioctl.c
deadline-iosched.c
elevator.c elevator: make elevator_get() attempt to load the appropriate module 2008-02-19 10:20:37 +01:00
genhd.c genhd must_check warning fix 2008-03-12 12:34:37 -07:00
ioctl.c
Kconfig
Kconfig.iosched
Makefile block: ll_rw_blk.c split, add blk-merge.c 2008-01-29 21:55:12 +01:00
noop-iosched.c
scsi_ioctl.c block: restore the meaning of rq->data_len to the true data length 2008-03-04 11:17:11 +01:00