From: Mike Snitzer <snitzer@redhat.com>
To: Christoph Hellwig <hch@lst.de>
Cc: Jens Axboe <axboe@kernel.dk>, Mike Snitzer <snitzer@kernel.org>,
linux-block@vger.kernel.org, Yu Kuai <yukuai1@huaweicloud.com>,
dm-devel@redhat.com, "yukuai \(C\)" <yukuai3@huawei.com>,
Alasdair Kergon <agk@redhat.com>
Subject: Re: [dm-devel] [PATCH 5/7] dm: track per-add_disk holder relations in DM
Date: Thu, 10 Nov 2022 13:09:20 -0500 [thread overview]
Message-ID: <Y20+UNI0KV2VjUSi@redhat.com> (raw)
In-Reply-To: <20221109082645.GA14093@lst.de>
On Wed, Nov 09 2022 at 3:26P -0500,
Christoph Hellwig <hch@lst.de> wrote:
> On Wed, Nov 09, 2022 at 10:08:14AM +0800, Yu Kuai wrote:
> >> diff --git a/drivers/md/dm.c b/drivers/md/dm.c
> >> index 2917700b1e15c..7b0d6dc957549 100644
> >> --- a/drivers/md/dm.c
> >> +++ b/drivers/md/dm.c
> >> @@ -751,9 +751,16 @@ static struct table_device *open_table_device(struct mapped_device *md,
> >> goto out_free_td;
> >> }
> >> - r = bd_link_disk_holder(bdev, dm_disk(md));
> >> - if (r)
> >> - goto out_blkdev_put;
> >> + /*
> >> + * We can be called before the dm disk is added. In that case we can't
> >> + * register the holder relation here. It will be done once add_disk was
> >> + * called.
> >> + */
> >> + if (md->disk->slave_dir) {
> > If device_add_disk() or del_gendisk() can concurrent with this, It seems
> > to me that using 'slave_dir' is not safe.
> >
> > I'm not quite familiar with dm, can we guarantee that they can't
> > concurrent?
>
> I assumed dm would not get itself into territory were creating /
> deleting the device could race with adding component devices, but
> digging deeper I can't find anything. This could be done
> by holding table_devices_lock around add_disk/del_gendisk, but
> I'm not that familar with the dm code.
>
> Mike, can you help out on this?
Maybe :/
Underlying component devices can certainly come and go at any
time. And there is no DM code that can, or should, prevent that. All
we can do is cope with unavailability of devices. But pretty sure that
isn't the question.
I'm unclear about the specific race in question:
if open_table_device() doesn't see slave_dir it is the first table
load. Otherwise, the DM device (and associated gendisk) shouldn't have
been torn down while a table is actively being loaded for it. But
_where_ the code lives, to ensure that, is also eluding me...
You could use a big lock (table_devices_lock) to disallow changes to
DM relations while loading the table. But I wouldn't think it needed
as long as the gendisk's lifecycle is protected vs table loads (or
other concurrent actions like table load vs dm device removal). Again,
more code inspection needed to page all this back into my head.
The concern for race aside:
I am concerned that your redundant bd_link_disk_holder() (first in
open_table_device and later in dm_setup_md_queue) will result in
dangling refcount (e.g. increase of 2 when it should only be by 1) --
given bd_link_disk_holder will gladly just bump its holder->refcnt if
bd_find_holder_disk() returns an existing holder. This would occur if
a DM table is already loaded (and DM device's gendisk exists) and a
new DM table is being loaded.
Mike
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
WARNING: multiple messages have this Message-ID (diff)
From: Mike Snitzer <snitzer@redhat.com>
To: Christoph Hellwig <hch@lst.de>
Cc: Yu Kuai <yukuai1@huaweicloud.com>, Jens Axboe <axboe@kernel.dk>,
Mike Snitzer <snitzer@kernel.org>,
linux-block@vger.kernel.org, dm-devel@redhat.com,
"yukuai (C)" <yukuai3@huawei.com>,
Alasdair Kergon <agk@redhat.com>
Subject: Re: [PATCH 5/7] dm: track per-add_disk holder relations in DM
Date: Thu, 10 Nov 2022 13:09:20 -0500 [thread overview]
Message-ID: <Y20+UNI0KV2VjUSi@redhat.com> (raw)
In-Reply-To: <20221109082645.GA14093@lst.de>
On Wed, Nov 09 2022 at 3:26P -0500,
Christoph Hellwig <hch@lst.de> wrote:
> On Wed, Nov 09, 2022 at 10:08:14AM +0800, Yu Kuai wrote:
> >> diff --git a/drivers/md/dm.c b/drivers/md/dm.c
> >> index 2917700b1e15c..7b0d6dc957549 100644
> >> --- a/drivers/md/dm.c
> >> +++ b/drivers/md/dm.c
> >> @@ -751,9 +751,16 @@ static struct table_device *open_table_device(struct mapped_device *md,
> >> goto out_free_td;
> >> }
> >> - r = bd_link_disk_holder(bdev, dm_disk(md));
> >> - if (r)
> >> - goto out_blkdev_put;
> >> + /*
> >> + * We can be called before the dm disk is added. In that case we can't
> >> + * register the holder relation here. It will be done once add_disk was
> >> + * called.
> >> + */
> >> + if (md->disk->slave_dir) {
> > If device_add_disk() or del_gendisk() can concurrent with this, It seems
> > to me that using 'slave_dir' is not safe.
> >
> > I'm not quite familiar with dm, can we guarantee that they can't
> > concurrent?
>
> I assumed dm would not get itself into territory were creating /
> deleting the device could race with adding component devices, but
> digging deeper I can't find anything. This could be done
> by holding table_devices_lock around add_disk/del_gendisk, but
> I'm not that familar with the dm code.
>
> Mike, can you help out on this?
Maybe :/
Underlying component devices can certainly come and go at any
time. And there is no DM code that can, or should, prevent that. All
we can do is cope with unavailability of devices. But pretty sure that
isn't the question.
I'm unclear about the specific race in question:
if open_table_device() doesn't see slave_dir it is the first table
load. Otherwise, the DM device (and associated gendisk) shouldn't have
been torn down while a table is actively being loaded for it. But
_where_ the code lives, to ensure that, is also eluding me...
You could use a big lock (table_devices_lock) to disallow changes to
DM relations while loading the table. But I wouldn't think it needed
as long as the gendisk's lifecycle is protected vs table loads (or
other concurrent actions like table load vs dm device removal). Again,
more code inspection needed to page all this back into my head.
The concern for race aside:
I am concerned that your redundant bd_link_disk_holder() (first in
open_table_device and later in dm_setup_md_queue) will result in
dangling refcount (e.g. increase of 2 when it should only be by 1) --
given bd_link_disk_holder will gladly just bump its holder->refcnt if
bd_find_holder_disk() returns an existing holder. This would occur if
a DM table is already loaded (and DM device's gendisk exists) and a
new DM table is being loaded.
Mike
next prev parent reply other threads:[~2022-11-10 18:09 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-30 15:31 [dm-devel] fix delayed holder tracking v2 Christoph Hellwig
2022-10-30 15:31 ` Christoph Hellwig
2022-10-30 15:31 ` [dm-devel] [PATCH 1/7] block: clear ->slave_dir when dropping the main slave_dir reference Christoph Hellwig
2022-10-30 15:31 ` Christoph Hellwig
2022-10-30 15:31 ` [dm-devel] [PATCH 2/7] dm: remove free_table_devices Christoph Hellwig
2022-10-30 15:31 ` Christoph Hellwig
2022-10-30 15:31 ` [dm-devel] [PATCH 3/7] dm: cleanup open_table_device Christoph Hellwig
2022-10-30 15:31 ` Christoph Hellwig
2022-10-30 15:31 ` [dm-devel] [PATCH 4/7] dm: cleanup close_table_device Christoph Hellwig
2022-10-30 15:31 ` Christoph Hellwig
2022-10-30 15:31 ` [dm-devel] [PATCH 5/7] dm: track per-add_disk holder relations in DM Christoph Hellwig
2022-10-30 15:31 ` Christoph Hellwig
2022-11-09 2:08 ` [dm-devel] " Yu Kuai
2022-11-09 2:08 ` Yu Kuai
2022-11-09 8:26 ` [dm-devel] " Christoph Hellwig
2022-11-09 8:26 ` Christoph Hellwig
2022-11-10 18:09 ` Mike Snitzer [this message]
2022-11-10 18:09 ` Mike Snitzer
2022-11-10 19:48 ` [dm-devel] " Mike Snitzer
2022-11-10 19:48 ` Mike Snitzer
2022-11-12 6:23 ` [dm-devel] " Yu Kuai
2022-11-12 6:23 ` Yu Kuai
2022-10-30 15:31 ` [dm-devel] [PATCH 6/7] block: remove delayed holder registration Christoph Hellwig
2022-10-30 15:31 ` Christoph Hellwig
2022-10-30 15:31 ` [dm-devel] [PATCH 7/7] block: store the holder kobject in bd_holder_disk Christoph Hellwig
2022-10-30 15:31 ` Christoph Hellwig
2022-10-31 1:52 ` [dm-devel] " Yu Kuai
2022-10-31 1:52 ` Yu Kuai
2022-11-01 10:49 ` [dm-devel] " Christoph Hellwig
2022-11-01 10:49 ` Christoph Hellwig
2022-11-01 11:12 ` [dm-devel] " Yu Kuai
2022-11-01 11:12 ` Yu Kuai
2022-11-01 11:21 ` [dm-devel] " Christoph Hellwig
2022-11-01 11:21 ` Christoph Hellwig
2022-11-01 11:28 ` [dm-devel] " Yu Kuai
2022-11-01 11:28 ` Yu Kuai
2022-11-01 13:18 ` [dm-devel] " Christoph Hellwig
2022-11-01 13:18 ` Christoph Hellwig
2022-11-01 13:29 ` [dm-devel] " Yu Kuai
2022-11-01 13:29 ` Yu Kuai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y20+UNI0KV2VjUSi@redhat.com \
--to=snitzer@redhat.com \
--cc=agk@redhat.com \
--cc=axboe@kernel.dk \
--cc=dm-devel@redhat.com \
--cc=hch@lst.de \
--cc=linux-block@vger.kernel.org \
--cc=snitzer@kernel.org \
--cc=yukuai1@huaweicloud.com \
--cc=yukuai3@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.