Hi,
This patchset fixes two subtle issues discovered while unit testing
nr_hw_queue update code using null_blk driver.
The first patch in the series, fixes an issue in the sbitmap initialization
code, where sb->alloc_hint is not explicitly set to NULL when the sbitmap
depth is zero. This can lead to a kernel crash in sbitmap_free(), which
unconditionally calls free_percpu() on sb->alloc_hint — even if it was
never allocated. The crash is caused by dereferencing an invalid pointer
or stale garbage value.
The second patch in the series fixes a bug in the null_blk driver where
the driver_data field of the tagset is not properly initialized when
setting up shared tagsets. This omission causes null_map_queues() to fail
during nr_hw_queues update, leading to no software queues (ctx) being
mapped to new hardware queues (hctx). As a result, the affected hctx
remains unused for any IO. Interestingly, this bug exposed the first
issue with sbitmap freeing.
As usual, review and feedback are most welcome!
Changes from v1:
- The set->driver_data field should be initialized separately for the
shared tagset to ensure it is correctly set for both shared and
non-shared tagset cases. (Damien Le Moal)
Nilay Shroff (2):
lib/sbitmap: fix kernel crash observed when sbitmap depth is zero
null_blk: fix set->driver_data while setting up tagset
drivers/block/null_blk/main.c | 1 +
lib/sbitmap.c | 1 +
2 files changed, 2 insertions(+)
--
2.50.1
