From: Bart Van Assche <bvanassche@acm.org>
Cc: James Bottomley <jbottomley@parallels.com>,
Mike Christie <michaelc@cs.wisc.edu>,
Hannes Reinecke <hare@suse.de>, Chanho Min <chanho.min@lge.com>,
Joe Lawrence <jdl1291@gmail.com>,
linux-scsi <linux-scsi@vger.kernel.org>,
David Milburn <dmilburn@redhat.com>, Tejun Heo <tj@kernel.org>
Subject: [PATCH v12 1/6] Fix race between starved list and device removal
Date: Thu, 27 Jun 2013 16:52:47 +0200 [thread overview]
Message-ID: <51CC51BF.60803@acm.org> (raw)
In-Reply-To: <51CC5176.90609@acm.org>
From: James Bottomley <JBottomley@Parallels.com>
scsi_run_queue() examines all SCSI devices that are present on
the starved list. Since scsi_run_queue() unlocks the SCSI host
lock a SCSI device can get removed after it has been removed
from the starved list and before its queue is run. Protect
against that race condition by holding a reference on the
queue while running it.
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Reported-by: Chanho Min <chanho.min@lge.com>
Reference: http://lkml.org/lkml/2012/8/2/96
Cc: Tejun Heo <tj@kernel.org>
Cc: Mike Christie <michaelc@cs.wisc.edu>
Cc: Hannes Reinecke <hare@suse.de>
Cc: <stable@vger.kernel.org>
---
drivers/scsi/scsi_lib.c | 26 +++++++++++++++++++++-----
1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index 86d5220..df8bd5a 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -434,6 +434,8 @@ static void scsi_run_queue(struct request_queue *q)
list_splice_init(&shost->starved_list, &starved_list);
while (!list_empty(&starved_list)) {
+ struct request_queue *slq;
+
/*
* As long as shost is accepting commands and we have
* starved queues, call blk_run_queue. scsi_request_fn
@@ -456,11 +458,25 @@ static void scsi_run_queue(struct request_queue *q)
continue;
}
- spin_unlock(shost->host_lock);
- spin_lock(sdev->request_queue->queue_lock);
- __blk_run_queue(sdev->request_queue);
- spin_unlock(sdev->request_queue->queue_lock);
- spin_lock(shost->host_lock);
+ /*
+ * Once we drop the host lock, a racing scsi_remove_device()
+ * call may remove the sdev from the starved list and destroy
+ * it and the queue. Mitigate by taking a reference to the
+ * queue and never touching the sdev again after we drop the
+ * host lock. Note: if __scsi_remove_device() invokes
+ * blk_cleanup_queue() before the queue is run from this
+ * function then blk_run_queue() will return immediately since
+ * blk_cleanup_queue() marks the queue with QUEUE_FLAG_DYING.
+ */
+ slq = sdev->request_queue;
+ if (!blk_get_queue(slq))
+ continue;
+ spin_unlock_irqrestore(shost->host_lock, flags);
+
+ blk_run_queue(slq);
+ blk_put_queue(slq);
+
+ spin_lock_irqsave(shost->host_lock, flags);
}
/* put any unprocessed entries back */
list_splice(&starved_list, &shost->starved_list);
--
1.7.10.4
next prev parent reply other threads:[~2013-06-27 14:52 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-27 14:51 [PATCH v12 0/6] SCSI device removal fixes Bart Van Assche
2013-06-27 14:52 ` Bart Van Assche [this message]
2013-06-27 14:53 ` [PATCH v12 2/6] Avoid calling __scsi_remove_device() twice Bart Van Assche
2013-07-01 7:05 ` James Bottomley
2013-07-01 7:14 ` Bart Van Assche
2013-07-01 14:38 ` James Bottomley
2013-06-27 14:54 ` [PATCH v12 3/6] Restrict device state changes allowed via sysfs Bart Van Assche
2013-07-01 8:23 ` Hannes Reinecke
2013-07-01 14:51 ` James Bottomley
2013-06-27 14:55 ` [PATCH v12 4/6] Avoid saving/restoring interrupt state inside scsi_remove_host() Bart Van Assche
2013-06-27 14:56 ` [PATCH v12 5/6] Avoid that scsi_device_set_state() triggers a race Bart Van Assche
2013-07-01 14:49 ` James Bottomley
2013-07-01 15:17 ` Bart Van Assche
2013-07-01 16:52 ` James Bottomley
2013-07-02 6:42 ` Bart Van Assche
2013-06-27 14:57 ` [PATCH v12 6/6] Avoid re-enabling I/O after the transport became offline Bart Van Assche
2013-07-01 8:27 ` Hannes Reinecke
2013-07-01 12:05 ` Bart Van Assche
2013-07-01 12:09 ` Hannes Reinecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51CC51BF.60803@acm.org \
--to=bvanassche@acm.org \
--cc=chanho.min@lge.com \
--cc=dmilburn@redhat.com \
--cc=hare@suse.de \
--cc=jbottomley@parallels.com \
--cc=jdl1291@gmail.com \
--cc=linux-scsi@vger.kernel.org \
--cc=michaelc@cs.wisc.edu \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.