From b1edc4c1c9016824ee64076baaac4e21c09ceab0 Mon Sep 17 00:00:00 2001
From: Xiaoguang Wang <xiaoguang.wang@linux.alibaba.com>
Date: Tue, 18 Feb 2020 11:49:44 +0800
Subject: [PATCH] alinux: blk-throttle: fix logic error about BIO_THROTL_STATED
 in throtl_bio_end_io()

When CONFIG_BLK_DEV_THROTTLING is enabled, though we may not set
block cgroup's blk-throttle bps or iops limits, every bio still
enters blk_throtl_bio() firstly, then this bug will result in the
corresponding blkcg_gq's refcnt will increase by 1 for every bio.
atomit_t is an 'int' type, and if usr continually issues batches
of bios, this refcnt will overflow, which will trigger WARNING in
blkg_get() or blkg_put().

Fixes: 4667e926ac4a ("alios: blk-throttle: fix tg NULL pointer dereference")
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Signed-off-by: Xiaoguang Wang <xiaoguang.wang@linux.alibaba.com>
Signed-off-by: Joseph Qi <joseph.qi@linux.alibaba.com>
---
 block/blk-throttle.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/blk-throttle.c b/block/blk-throttle.c
index 24c3e80aff3e..c0e35459a144 100644
--- a/block/blk-throttle.c
+++ b/block/blk-throttle.c
@@ -1120,7 +1120,7 @@ static void throtl_bio_end_io(struct bio *bio)
 
 	rcu_read_lock();
 	/* see comments in throtl_bio_stats_start() */
-	if (bio_flagged(bio, BIO_THROTL_STATED))
+	if (!bio_flagged(bio, BIO_THROTL_STATED))
 		goto out;
 
 	tg = (struct throtl_grp *)bio->bi_tg_private;
-- 
GitLab