From: Tejun Heo <tj@kernel.org>
To: Bart Van Assche <bvanassche@acm.org>
Cc: linux-scsi <linux-scsi@vger.kernel.org>,
	James Bottomley <jbottomley@parallels.com>,
	Mike Christie <michaelc@cs.wisc.edu>,
	Jens Axboe <axboe@kernel.dk>, Chanho Min <chanho.min@lge.com>
Subject: Re: [PATCH 3/4] Make blk_cleanup_queue() wait until request_fn finished
Date: Tue, 16 Oct 2012 16:51:52 -0700
Message-ID: <20121016235152.GL16166@google.com>
In-Reply-To: <50758F90.4020407@acm.org>

Hello,

On Wed, Oct 10, 2012 at 05:09:04PM +0200, Bart Van Assche wrote:
> Some request_fn implementations, e.g. scsi_request_fn(), unlock
> the queue lock. Make sure that blk_cleanup_queue() waits until all
> active request_fn invocations have finished. This fixes a potential
> use-after-free at the end of scsi_request_fn(). Also, change the
> type of the 'drain' variable from bool to int to avoid that the
> highest bits of the request counters get ignored.

Similar comment.  It would be great if you better separate what's
broken and how it's fixed.  Kinda difficult to digest.

> @@ -308,7 +308,9 @@ void __blk_run_queue_uncond(struct request_queue *q)
>  	if (unlikely(blk_queue_dead(q)))
>  		return;
>  
> +	q->driver_active++;
>  	q->request_fn(q);
> +	q->driver_active--;
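
Review bot: the `q->driver_active++` / `q->driver_active--` pair around `q->request_fn(q)` is a plain non-atomic update, and nothing in this hunk states which lock protects it. The changelog says some request_fn implementations drop the queue lock, so invocations can overlap and the count is only correct if the queue lock is held on entry and again when request_fn returns. Suggest documenting that rule at the field and adding `lockdep_assert_held(q->queue_lock);` before the increment so a caller that breaks it is caught.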

Maybe q->request_fn_active is a better name?

> -void blk_drain_queue(struct request_queue *q, bool drain_all)
> +static void blk_drain_queue(struct request_queue *q, bool drain_all)
>  {
>  	int i;
>  
>  	while (true) {
> -		bool drain = false;
> +		int drain = 0;
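
Review bot: making blk_drain_queue() `static` in this hunk is not mentioned in the changelog and is unrelated to waiting for request_fn. Mention it in the commit message or split it out, and drop any prototype left in a header in the same change. For `int drain`, the hunk does not show how the counters are folded into the variable; a one-line comment that the value is only ever tested for non-zero would make the intent of the type change clear.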

I don't think this is necessary.  bool conversion works fine
regardless of how high the bits are.  Isn't avoiding signed/unsigned
autocast maze one of the reasons why we're using bool to begin with?

> diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
> index f29a1a9..0e15374 100644
> --- a/drivers/scsi/scsi_lib.c
> +++ b/drivers/scsi/scsi_lib.c
> @@ -1517,10 +1517,6 @@ static void scsi_request_fn(struct request_queue *q)
>  	struct scsi_cmnd *cmd;
>  	struct request *req;
>  
> -	if(!get_device(&sdev->sdev_gendev))
> -		/* We must be tearing the block queue down already */
> -		return;
> -
>  	/*
>  	 * To start with, we keep looping until the queue is empty, or until
>  	 * the host is no longer able to accept any more requests.
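
Review bot: dropping the `get_device()` check at the top of scsi_request_fn() removes the function's own early return for a queue that is being torn down, so it now relies entirely on its caller. From the block-layer hunk, that protection is the `blk_queue_dead(q)` test plus the `driver_active` count in __blk_run_queue_uncond(); a comment here naming that dependency would keep a later change from invoking `q->request_fn` by another path without the same guard. The changelog should also confirm that every caller goes through __blk_run_queue_uncond().
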
> @@ -1629,11 +1625,7 @@ out_delay:
>  	if (sdev->device_busy == 0)
>  		blk_delay_queue(q, SCSI_QUEUE_DELAY);
>  out:
> -	/* must be careful here...if we trigger the ->remove() function
> -	 * we cannot be holding the q lock */
> -	spin_unlock_irq(q->queue_lock);
> -	put_device(&sdev->sdev_gendev);
> -	spin_lock_irq(q->queue_lock);
> +	;
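
Review bot: at `out:` the replacement leaves a label followed by a bare `;`, which exists only to keep the label legal. With the unlock/`put_device()`/relock sequence gone there is nothing left to do at the label, so it reads better to turn the `goto out` sites into `return` and delete the label. The removed comment about not holding the queue lock when ->remove() can be triggered was the only record of that constraint here, so the changelog should say why it no longer applies.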

I think moving this out to a separate patch would be better.

Thanks.

-- 
tejun
