From: Bart Van Assche <bvanassche@acm.org>
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: linux-scsi <linux-scsi@vger.kernel.org>,
Joe Lawrence <jdl1291@gmail.com>, Tejun Heo <tj@kernel.org>,
Chanho Min <chanho.min@lge.com>,
David Milburn <dmilburn@redhat.com>,
Hannes Reinecke <hare@suse.de>,
Mike Christie <michaelc@cs.wisc.edu>
Subject: Re: [PATCH v11 1/9] Fix race between starved list and device removal
Date: Mon, 24 Jun 2013 18:16:14 +0200 [thread overview]
Message-ID: <51C870CE.4020900@acm.org> (raw)
In-Reply-To: <1372088320.2013.33.camel@dabdike.int.hansenpartnership.com>
On 06/24/13 17:38, James Bottomley wrote:
> I really don't like this because it's shuffling potentially fragile
> lifetime rules since you now have to have the sdev deleted from the
> starved list before final put. That becomes an unstated assumption
> within the code.
>
> The theory is that the starved list processing may be racing with a
> scsi_remove_device, so when we unlock the host lock, the device (and the
> queue) may be destroyed. OK, so I agree with this, remote a possibility
> though it may be. The easy way of fixing it without making assumptions
> is this, isn't it? All it requires is that the queue be destroyed after
> the starved list entry is deleted in the sdev release code.
>
> James
>
> ---
>
> diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
> index 86d5220..f294cc6 100644
> --- a/drivers/scsi/scsi_lib.c
> +++ b/drivers/scsi/scsi_lib.c
> @@ -434,6 +434,7 @@ static void scsi_run_queue(struct request_queue *q)
> list_splice_init(&shost->starved_list, &starved_list);
>
> while (!list_empty(&starved_list)) {
> + struct request_queue *slq;
> /*
> * As long as shost is accepting commands and we have
> * starved queues, call blk_run_queue. scsi_request_fn
> @@ -456,10 +457,21 @@ static void scsi_run_queue(struct request_queue *q)
> continue;
> }
>
> + /*
> + * once we drop the host lock, a racing scsi_remove_device may
> + * remove the sdev from the starved list and destroy it and
> + * the queue. Mitigate by taking a reference to the queue and
> + * never touching the sdev again after we drop the host lock.
> + */
> + slq = sdev->request_queue;
> + if (!blk_get_queue(slq))
> + continue;
> +
> spin_unlock(shost->host_lock);
> - spin_lock(sdev->request_queue->queue_lock);
> - __blk_run_queue(sdev->request_queue);
> - spin_unlock(sdev->request_queue->queue_lock);
> +
> + blk_run_queue(slq);
> + blk_put_queue(slq);
> +
> spin_lock(shost->host_lock);
> }
> /* put any unprocessed entries back */
Since the above patch invokes blk_put_queue() with interrupts disabled
it may cause blk_release_queue() to be invoked with interrupts disabled.
Sorry but I'm not sure whether that will work fine.
Bart.
next prev parent reply other threads:[~2013-06-24 16:16 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-12 12:48 [PATCH v11 0/9] More device removal fixes Bart Van Assche
2013-06-12 12:49 ` [PATCH v11 1/9] Fix race between starved list and device removal Bart Van Assche
2013-06-24 15:38 ` James Bottomley
2013-06-24 16:16 ` Bart Van Assche [this message]
2013-06-24 16:23 ` James Bottomley
2013-06-24 17:24 ` Mike Christie
2013-06-24 17:49 ` James Bottomley
2013-06-12 12:51 ` [PATCH v11 2/9] Remove get_device() / put_device() pair from scsi_request_fn() Bart Van Assche
2013-06-24 1:29 ` Mike Christie
2013-06-24 2:36 ` James Bottomley
2013-06-24 7:13 ` Bart Van Assche
2013-06-24 13:34 ` James Bottomley
2013-06-24 15:43 ` Bart Van Assche
2013-06-12 12:52 ` [PATCH v11 3/9] Avoid calling __scsi_remove_device() twice Bart Van Assche
2013-06-23 21:35 ` Mike Christie
2013-06-24 6:29 ` Bart Van Assche
2013-06-24 17:38 ` James Bottomley
2013-06-25 8:37 ` Bart Van Assche
2013-06-25 13:44 ` James Bottomley
2013-06-25 15:23 ` Bart Van Assche
2013-06-12 12:53 ` [PATCH v11 4/9] Disallow changing the device state via sysfs into "deleted" Bart Van Assche
2013-06-24 1:05 ` Mike Christie
2013-06-24 6:35 ` Bart Van Assche
2013-06-24 17:59 ` James Bottomley
2013-06-25 8:41 ` Bart Van Assche
2013-06-25 13:42 ` James Bottomley
2013-06-12 12:54 ` [PATCH v11 5/9] Avoid saving/restoring interrupt state inside scsi_remove_host() Bart Van Assche
2013-06-24 1:06 ` Mike Christie
2013-06-12 12:55 ` [PATCH v11 6/9] Make scsi_remove_host() wait until error handling finished Bart Van Assche
2013-06-24 1:15 ` Mike Christie
2013-06-24 6:49 ` Bart Van Assche
2013-06-24 19:19 ` James Bottomley
2013-06-24 20:04 ` Mike Christie
2013-06-24 22:27 ` James Bottomley
2013-06-25 2:26 ` Mike Christie
2013-06-25 2:56 ` Michael Christie
2013-06-25 9:01 ` Bart Van Assche
2013-06-25 13:45 ` James Bottomley
2013-06-25 15:31 ` Bart Van Assche
2013-06-25 16:13 ` Michael Christie
2013-06-25 17:40 ` James Bottomley
2013-06-25 17:47 ` Bart Van Assche
2014-01-30 19:46 ` Bart Van Assche
2014-01-31 5:58 ` James Bottomley
2014-01-31 7:52 ` Bart Van Assche
2013-06-25 11:13 ` Bart Van Assche
2013-06-12 12:56 ` PATCH v11 7/9] Avoid that scsi_device_set_state() triggers a race Bart Van Assche
2013-06-12 12:57 ` [PATCH v11 8/9] Save and restore host_scribble during error handling Bart Van Assche
2013-06-24 1:21 ` Mike Christie
2013-06-24 2:08 ` James Bottomley
2013-06-12 12:58 ` [PATCH v11 9/9] Avoid reenabling I/O after the transport became offline Bart Van Assche
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51C870CE.4020900@acm.org \
--to=bvanassche@acm.org \
--cc=James.Bottomley@HansenPartnership.com \
--cc=chanho.min@lge.com \
--cc=dmilburn@redhat.com \
--cc=hare@suse.de \
--cc=jdl1291@gmail.com \
--cc=linux-scsi@vger.kernel.org \
--cc=michaelc@cs.wisc.edu \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.