From: Bart Van Assche <Bart.VanAssche@sandisk.com>
To: "osandov@osandov.com" <osandov@osandov.com>
Cc: "hare@suse.com" <hare@suse.com>,
	"linux-block@vger.kernel.org" <linux-block@vger.kernel.org>,
	"osandov@fb.com" <osandov@fb.com>,
	"axboe@kernel.dk" <axboe@kernel.dk>
Subject: Re: [PATCH v4 05/10] blk-mq: Unregister debugfs attributes earlier
Date: Mon, 24 Apr 2017 17:12:05 +0000
Message-ID: <1493053923.3394.8.camel@sandisk.com>
In-Reply-To: <20170424165549.GC28510@vader.DHCP.thefacebook.com>

On Mon, 2017-04-24 at 09:55 -0700, Omar Sandoval wrote:
> On Fri, Apr 21, 2017 at 04:40:21PM -0700, Bart Van Assche wrote:
> > One of the debugfs attributes allows running a queue. Since running
> > a queue after a queue has entered the "dead" state is not allowed
> > and can even cause a kernel crash, unregister the debugfs attributes
> > before a queue reaches the "dead" state.
>
> More important than this case, I think, is that blk_cleanup_queue()
> calls blk_mq_free_queue(q), so most of the debugfs entries would lead to
> use-after-frees. If you add that to the commit message and address my
> comment below,
>
> Reviewed-by: Omar Sandoval <osandov@fb.com>

Thanks! I will update the commit message.

> > --- a/block/blk-core.c
> > +++ b/block/blk-core.c
> > @@ -566,6 +566,11 @@ void blk_cleanup_queue(struct request_queue *q)
> >  	spin_lock_irq(lock);
> >  	if (!q->mq_ops)
> >  		__blk_drain_queue(q, true);
> > +	spin_unlock_irq(lock);
> > +
> > +	blk_mq_debugfs_unregister_mq(q);
> > +
> > +	spin_lock_irq(lock);
> >  	queue_flag_set(QUEUE_FLAG_DEAD, q);
> >  	spin_unlock_irq(lock);
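
Review bot: dropping the queue lock between __blk_drain_queue(q, true) and queue_flag_set(QUEUE_FLAG_DEAD, q) means the drain and the DEAD transition no longer happen in one critical section, and nothing in the hunk says why that is safe. Please add a comment above blk_mq_debugfs_unregister_mq(q) stating that the debugfs attributes must be gone before the queue is marked dead (and, per the review above, before blk_mq_free_queue(q) runs), and why the call has to be made without the lock held. Also note that the call is unconditional while the drain is guarded by if (!q->mq_ops); if the unregister function is not a no-op for queues without mq_ops, it needs the opposite guard.
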
>
> Do we actually have to hold the queue lock when we set QUEUE_FLAG_DEAD?

It's way easier to keep that spin_lock()/spin_unlock() pair than to analyze
the block driver core and all block drivers to see whether or not any
concurrent queue flag changes could occur.

Bart.
