From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Ming Lei <ming.lei@redhat.com>, Jan Kara <jack@suse.cz>,
Christoph Hellwig <hch@lst.de>, Jens Axboe <axboe@kernel.dk>,
Sasha Levin <sashal@kernel.org>,
paolo.valente@linaro.org, linux-block@vger.kernel.org
Subject: [PATCH AUTOSEL 5.17 17/20] blk-mq: avoid to touch q->elevator without any protection
Date: Tue, 21 Jun 2022 16:50:07 -0400 [thread overview]
Message-ID: <20220621205010.250185-17-sashal@kernel.org> (raw)
In-Reply-To: <20220621205010.250185-1-sashal@kernel.org>
From: Ming Lei <ming.lei@redhat.com>
[ Upstream commit 4d337cebcb1c27d9b48c48b9a98e939d4552d584 ]
q->elevator is referred in blk_mq_has_sqsched() without any protection,
no .q_usage_counter is held, no queue srcu and rcu read lock is held,
so potential use-after-free may be triggered.
Fix the issue by adding one queue flag for checking if the elevator
uses single queue style dispatch. Meantime the elevator feature flag
of ELEVATOR_F_MQ_AWARE isn't needed any more.
Cc: Jan Kara <jack@suse.cz>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220616014401.817001-3-ming.lei@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/bfq-iosched.c | 3 +++
block/blk-mq-sched.c | 1 +
block/blk-mq.c | 18 ++----------------
block/kyber-iosched.c | 3 ++-
block/mq-deadline.c | 3 +++
include/linux/blkdev.h | 4 ++--
6 files changed, 13 insertions(+), 19 deletions(-)
diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c
index 5d2d3fe65a9d..47ee2e592240 100644
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -7183,6 +7183,9 @@ static int bfq_init_queue(struct request_queue *q, struct elevator_type *e)
bfq_init_root_group(bfqd->root_group, bfqd);
bfq_init_entity(&bfqd->oom_bfqq.entity, bfqd->root_group);
+ /* We dispatch from request queue wide instead of hw queue */
+ blk_queue_flag_set(QUEUE_FLAG_SQ_SCHED, q);
+
wbt_disable_default(q);
return 0;
diff --git a/block/blk-mq-sched.c b/block/blk-mq-sched.c
index 80e0eb26b697..f50f1facd164 100644
--- a/block/blk-mq-sched.c
+++ b/block/blk-mq-sched.c
@@ -563,6 +563,7 @@ int blk_mq_init_sched(struct request_queue *q, struct elevator_type *e)
int ret;
if (!e) {
+ blk_queue_flag_clear(QUEUE_FLAG_SQ_SCHED, q);
q->elevator = NULL;
q->nr_requests = q->tag_set->queue_depth;
return 0;
diff --git a/block/blk-mq.c b/block/blk-mq.c
index 5021e8ed2053..8f77023c0f39 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -2095,20 +2095,6 @@ void blk_mq_run_hw_queue(struct blk_mq_hw_ctx *hctx, bool async)
}
EXPORT_SYMBOL(blk_mq_run_hw_queue);
-/*
- * Is the request queue handled by an IO scheduler that does not respect
- * hardware queues when dispatching?
- */
-static bool blk_mq_has_sqsched(struct request_queue *q)
-{
- struct elevator_queue *e = q->elevator;
-
- if (e && e->type->ops.dispatch_request &&
- !(e->type->elevator_features & ELEVATOR_F_MQ_AWARE))
- return true;
- return false;
-}
-
/*
* Return prefered queue to dispatch from (if any) for non-mq aware IO
* scheduler.
@@ -2141,7 +2127,7 @@ void blk_mq_run_hw_queues(struct request_queue *q, bool async)
int i;
sq_hctx = NULL;
- if (blk_mq_has_sqsched(q))
+ if (blk_queue_sq_sched(q))
sq_hctx = blk_mq_get_sq_hctx(q);
queue_for_each_hw_ctx(q, hctx, i) {
if (blk_mq_hctx_stopped(hctx))
@@ -2169,7 +2155,7 @@ void blk_mq_delay_run_hw_queues(struct request_queue *q, unsigned long msecs)
int i;
sq_hctx = NULL;
- if (blk_mq_has_sqsched(q))
+ if (blk_queue_sq_sched(q))
sq_hctx = blk_mq_get_sq_hctx(q);
queue_for_each_hw_ctx(q, hctx, i) {
if (blk_mq_hctx_stopped(hctx))
diff --git a/block/kyber-iosched.c b/block/kyber-iosched.c
index 70ff2a599ef6..8f7c745b4a57 100644
--- a/block/kyber-iosched.c
+++ b/block/kyber-iosched.c
@@ -421,6 +421,8 @@ static int kyber_init_sched(struct request_queue *q, struct elevator_type *e)
blk_stat_enable_accounting(q);
+ blk_queue_flag_clear(QUEUE_FLAG_SQ_SCHED, q);
+
eq->elevator_data = kqd;
q->elevator = eq;
@@ -1033,7 +1035,6 @@ static struct elevator_type kyber_sched = {
#endif
.elevator_attrs = kyber_sched_attrs,
.elevator_name = "kyber",
- .elevator_features = ELEVATOR_F_MQ_AWARE,
.elevator_owner = THIS_MODULE,
};
diff --git a/block/mq-deadline.c b/block/mq-deadline.c
index 6ed602b2f80a..1a9e835e816c 100644
--- a/block/mq-deadline.c
+++ b/block/mq-deadline.c
@@ -642,6 +642,9 @@ static int dd_init_sched(struct request_queue *q, struct elevator_type *e)
spin_lock_init(&dd->lock);
spin_lock_init(&dd->zone_lock);
+ /* We dispatch from request queue wide instead of hw queue */
+ blk_queue_flag_set(QUEUE_FLAG_SQ_SCHED, q);
+
q->elevator = eq;
return 0;
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
index 16b47035e4b0..aa4fc2f5defc 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -412,6 +412,7 @@ struct request_queue {
#define QUEUE_FLAG_RQ_ALLOC_TIME 27 /* record rq->alloc_time_ns */
#define QUEUE_FLAG_HCTX_ACTIVE 28 /* at least one blk-mq hctx is active */
#define QUEUE_FLAG_NOWAIT 29 /* device supports NOWAIT */
+#define QUEUE_FLAG_SQ_SCHED 30 /* single queue style io dispatch */
#define QUEUE_FLAG_MQ_DEFAULT ((1 << QUEUE_FLAG_IO_STAT) | \
(1 << QUEUE_FLAG_SAME_COMP) | \
@@ -457,6 +458,7 @@ bool blk_queue_flag_test_and_set(unsigned int flag, struct request_queue *q);
#define blk_queue_fua(q) test_bit(QUEUE_FLAG_FUA, &(q)->queue_flags)
#define blk_queue_registered(q) test_bit(QUEUE_FLAG_REGISTERED, &(q)->queue_flags)
#define blk_queue_nowait(q) test_bit(QUEUE_FLAG_NOWAIT, &(q)->queue_flags)
+#define blk_queue_sq_sched(q) test_bit(QUEUE_FLAG_SQ_SCHED, &(q)->queue_flags)
extern void blk_set_pm_only(struct request_queue *q);
extern void blk_clear_pm_only(struct request_queue *q);
@@ -738,8 +740,6 @@ void disk_set_independent_access_ranges(struct gendisk *disk,
*/
/* Supports zoned block devices sequential write constraint */
#define ELEVATOR_F_ZBD_SEQ_WRITE (1U << 0)
-/* Supports scheduling on multiple hardware queues */
-#define ELEVATOR_F_MQ_AWARE (1U << 1)
extern void blk_queue_required_elevator_features(struct request_queue *q,
unsigned int features);
--
2.35.1
next prev parent reply other threads:[~2022-06-21 20:57 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-21 20:49 [PATCH AUTOSEL 5.17 01/20] genirq: PM: Use runtime PM for chained interrupts Sasha Levin
2022-06-21 20:49 ` [PATCH AUTOSEL 5.17 02/20] irqchip/uniphier-aidet: Add compatible string for NX1 SoC Sasha Levin
2022-06-21 20:49 ` Sasha Levin
2022-06-21 20:49 ` [PATCH AUTOSEL 5.17 03/20] staging: rtl8723bs: Allocate full pwep structure Sasha Levin
2022-06-21 20:49 ` [PATCH AUTOSEL 5.17 04/20] mei: me: set internal pg flag to off on hardware reset Sasha Levin
2022-06-21 20:49 ` [PATCH AUTOSEL 5.17 05/20] eeprom: at25: Split reads into chunks and cap write size Sasha Levin
2022-06-22 7:14 ` Geert Uytterhoeven
2022-06-21 20:49 ` [PATCH AUTOSEL 5.17 06/20] nvme-pci: add trouble shooting steps for timeouts Sasha Levin
2022-06-21 20:49 ` [PATCH AUTOSEL 5.17 07/20] nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG GAMMIX S50 Sasha Levin
2022-06-21 20:49 ` [PATCH AUTOSEL 5.17 08/20] nvme-pci: phison e12 has bogus namespace ids Sasha Levin
2022-06-21 20:49 ` [PATCH AUTOSEL 5.17 09/20] nvme-pci: smi " Sasha Levin
2022-06-21 20:50 ` [PATCH AUTOSEL 5.17 10/20] nvme-pci: sk hynix p31 " Sasha Levin
2022-06-21 20:50 ` [PATCH AUTOSEL 5.17 11/20] nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs Sasha Levin
2022-06-21 20:50 ` [PATCH AUTOSEL 5.17 12/20] nvme-pci: disable write zeros support on UMIC and Samsung SSDs Sasha Levin
2022-06-21 20:50 ` [PATCH AUTOSEL 5.17 13/20] ext2: fix fs corruption when trying to remove a non-empty directory with IO error Sasha Levin
2022-06-21 20:50 ` [PATCH AUTOSEL 5.17 14/20] ext4: fix warning when submitting superblock in ext4_commit_super() Sasha Levin
2022-06-21 20:50 ` [PATCH AUTOSEL 5.17 15/20] ext4: improve write performance with disabled delalloc Sasha Levin
2022-06-21 20:50 ` [PATCH AUTOSEL 5.17 16/20] blk-mq: protect q->elevator by ->sysfs_lock in blk_mq_elv_switch_none Sasha Levin
2022-06-21 20:50 ` Sasha Levin [this message]
2022-06-21 20:50 ` [PATCH AUTOSEL 5.17 18/20] blk-mq: don't clear flush_rq from tags->rqs[] Sasha Levin
2022-06-21 20:50 ` [PATCH AUTOSEL 5.17 19/20] cifs: when a channel is not found for server, log its connection id Sasha Levin
2022-06-21 20:50 ` [PATCH AUTOSEL 5.17 20/20] ext4: correct the judgment of BUG in ext4_mb_normalize_request Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220621205010.250185-17-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=axboe@kernel.dk \
--cc=hch@lst.de \
--cc=jack@suse.cz \
--cc=linux-block@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ming.lei@redhat.com \
--cc=paolo.valente@linaro.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.