    [PATCH] blk: fix tag shrinking (revive real_max_size) · ba025082
    Tejun Heo authored
    My patch in commit fa72b903 incorrectly
    removed blk_queue_tag->real_max_depth.
    
    The original resize implementation was incorrect in the following
    points.
    
     * actual allocation size of tag_index was shorter than real_max_size,
       but assumed to be of the same size, possibly causing memory access
       beyond the allocated area.
     * bits in tag_map between max_depth and real_max_depth were
       initialized to 1's, making the tags permanently reserved.
    
    In an attempt to fix the above two bugs, I had removed allocation optimization
    in init_tag_map and real_max_size.  Tag map/index were allocated and freed
    immediately during resize.
    
    Unfortunately, I wasn't considering that tag map/index can be resized
    dynamically with tags beyond new_depth active.  This led to accessing
    freed area after shrinking tags and led to the following bug reporting
    thread on linux-scsi.
    
       http://marc.theaimsgroup.com/?l=linux-scsi&m=112319898111885&w=2
    
    To fix the problem, I've revived real_max_depth without allocation
    optimization in init_tag_map, and Andrew Vasquez confirmed that the
    problem was fixed.  As Jens is not going to be available for a week, he
    asked me to make sure that this patch reaches you.
    
       http://marc.theaimsgroup.com/?l=linux-scsi&m=112325778530886&w=2
    
    Also, a comment was added to make sure that real_max_size is needed for
    dynamic shrinking.
    Signed-off-by: Tejun Heo <htejun@gmail.com>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
ll_rw_blk.c 91.1 KB
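A simplified user-space C model of the behaviour the commit message describes, added here as an illustration (it is not the kernel patch or code from ll_rw_blk.c): shrinking only lowers `max_depth`, while the arrays stay sized to `real_max_depth` so tags issued before the shrink can still complete without touching freed memory. The struct layout and the `tm_*` function names are hypothetical; only `max_depth` and `real_max_depth` come from the message.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a tag map; busy[] stands in for tag_map, index[] for tag_index. */
struct tag_map {
    unsigned char *busy;   /* 1 = tag currently in use */
    void **index;          /* tag -> request pointer */
    int max_depth;         /* new tags are only handed out below this */
    int real_max_depth;    /* number of entries actually allocated */
};

int tm_init(struct tag_map *m, int depth) {
    m->busy = calloc(depth, 1);
    m->index = calloc(depth, sizeof(void *));
    if (!m->busy || !m->index) { free(m->busy); free(m->index); return -1; }
    m->max_depth = m->real_max_depth = depth;
    return 0;
}

/* Shrink (or grow within the allocation): keep the storage and move only the limit,
 * because tags >= new_depth may still be active. Grow past it: reallocate and copy. */
int tm_resize(struct tag_map *m, int new_depth) {
    if (new_depth <= m->real_max_depth) { m->max_depth = new_depth; return 0; }
    unsigned char *b = calloc(new_depth, 1);
    void **ix = calloc(new_depth, sizeof(void *));
    if (!b || !ix) { free(b); free(ix); return -1; }
    memcpy(b, m->busy, m->real_max_depth);
    memcpy(ix, m->index, m->real_max_depth * sizeof(void *));
    free(m->busy); free(m->index);
    m->busy = b; m->index = ix;
    m->max_depth = m->real_max_depth = new_depth;
    return 0;
}

/* Allocate the lowest free tag below max_depth, or -1 if none is free. */
int tm_start(struct tag_map *m, void *rq) {
    for (int t = 0; t < m->max_depth; t++)
        if (!m->busy[t]) { m->busy[t] = 1; m->index[t] = rq; return t; }
    return -1;
}

/* Completion is bounds-checked against real_max_depth, not max_depth, so a tag
 * issued before a shrink is still valid; anything outside the allocation is rejected. */
void *tm_end(struct tag_map *m, int tag) {
    if (tag < 0 || tag >= m->real_max_depth || !m->busy[tag]) return NULL;
    void *rq = m->index[tag];
    m->busy[tag] = 0; m->index[tag] = NULL;
    return rq;
}
```
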