author | Tejun Heo <htejun@gmail.com> | 2005-08-05 22:28:11 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2005-08-05 22:43:16 +0200 |
commit | ba02508248e90a9d696aebd18b48a3290235b53c (patch) | |
tree | 4167aecae57a5ceab6392e54189a271f3dfdebf8 /ipc/sem.c | |
parent | [PATCH] Fix hugepage crash on failing mmap() (diff) | |
[PATCH] blk: fix tag shrinking (revive real_max_size)

My patch in commit fa72b903f75e4f0f0b2c2feed093005167da4023 incorrectly
removed blk_queue_tag->real_max_depth.

The original resize implementation was incorrect in the following
points.

* actual allocation size of tag_index was shorter than real_max_size,
  but assumed to be of the same size, possibly causing memory access
  beyond the allocated area.
* bits in tag_map between max_depth and real_max_depth were
  initialized to 1's, making the tags permanently reserved.

In an attempt to fix the above two bugs, I had removed allocation optimization
in init_tag_map and real_max_size. Tag map/index were allocated and freed
immediately during resize.

Unfortunately, I wasn't considering that tag map/index can be resized
dynamically with tags beyond new_depth active. This led to accessing
freed area after shrinking tags and led to the following bug reporting
thread on linux-scsi.

http://marc.theaimsgroup.com/?l=linux-scsi&m=112319898111885&w=2

To fix the problem, I've revived real_max_depth without allocation
optimization in init_tag_map, and Andrew Vasquez confirmed that the
problem was fixed. As Jens is not going to be available for a week, he
asked me to make sure that this patch reaches you.

http://marc.theaimsgroup.com/?l=linux-scsi&m=112325778530886&w=2

Also, a comment was added to make sure that real_max_size is needed for
dynamic shrinking.

Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'ipc/sem.c')
0 files changed, 0 insertions, 0 deletions
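
The shrink behaviour described in the commit message, as an added user-space C model; it is not the kernel patch or any code from this commit. `struct tag_table`, `table_resize`, `tag_start` and `tag_end` are hypothetical names, and the map uses one byte per tag instead of a bitmap. Shrinking only lowers `max_depth` and keeps the arrays at `real_max_depth`, so a tag above the new depth that is still in flight completes against live memory rather than a freed area.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical user-space model, not the kernel's struct blk_queue_tag. */
struct tag_table {
    void **tag_index;        /* tag -> in-flight request */
    unsigned char *tag_map;  /* 1 = tag busy (one byte per tag for clarity) */
    int max_depth;           /* tags below this are handed to new requests */
    int real_max_depth;      /* slots the two arrays really hold */
};

/* Resize a zero-initialised or existing table; returns 0 or -1 on ENOMEM. */
static int table_resize(struct tag_table *t, int new_depth)
{
    if (new_depth <= t->real_max_depth) {
        /* Shrink: keep the arrays so tags >= new_depth that are still
         * in flight can complete; only stop issuing them. */
        t->max_depth = new_depth;
        return 0;
    }
    void **ni = calloc(new_depth, sizeof(*ni));  /* new slots start free (0) */
    unsigned char *nm = calloc(new_depth, 1);
    if (!ni || !nm) { free(ni); free(nm); return -1; }
    if (t->real_max_depth > 0) {
        memcpy(ni, t->tag_index, t->real_max_depth * sizeof(*ni));
        memcpy(nm, t->tag_map, t->real_max_depth);
    }
    free(t->tag_index); free(t->tag_map);
    t->tag_index = ni; t->tag_map = nm;
    t->max_depth = t->real_max_depth = new_depth;
    return 0;
}

/* Issue the lowest free tag below max_depth, or -1 if none. */
static int tag_start(struct tag_table *t, void *rq)
{
    for (int i = 0; i < t->max_depth; i++)
        if (!t->tag_map[i]) { t->tag_map[i] = 1; t->tag_index[i] = rq; return i; }
    return -1;
}

/* Completion is bounded by real_max_depth, not max_depth. */
static void *tag_end(struct tag_table *t, int tag)
{
    if (tag < 0 || tag >= t->real_max_depth || !t->tag_map[tag]) return NULL;
    void *rq = t->tag_index[tag];
    t->tag_map[tag] = 0; t->tag_index[tag] = NULL;
    return rq;
}
```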