From: Uday Shankar <ushankar@purestorage.com>
To: Ming Lei <ming.lei@redhat.com>
Cc: Jens Axboe <axboe@kernel.dk>,
linux-block@vger.kernel.org,
Caleb Sander Mateos <csander@purestorage.com>
Subject: Re: [PATCH 2/9] ublk: properly serialize all FETCH_REQs
Date: Tue, 15 Apr 2025 19:04:13 -0600 [thread overview]
Message-ID: <Z/8CDUwcKNDRzyOU@dev-ushankar.dev.purestorage.com> (raw)
In-Reply-To: <Z/1o946/z43QETPr@dev-ushankar.dev.purestorage.com>
On Mon, Apr 14, 2025 at 01:58:47PM -0600, Uday Shankar wrote:
> On Mon, Apr 14, 2025 at 07:25:43PM +0800, Ming Lei wrote:
> > From: Uday Shankar <ushankar@purestorage.com>
> >
> > Most uring_cmds issued against ublk character devices are serialized
> > because each command affects only one queue, and there is an early check
> > which only allows a single task (the queue's ubq_daemon) to issue
> > uring_cmds against that queue. However, this mechanism does not work for
> > FETCH_REQs, since they are expected before ubq_daemon is set. Since
> > FETCH_REQs are only used at initialization and not in the fast path,
> > serialize them using the per-ublk-device mutex. This fixes a number of
> > data races that were previously possible if a badly behaved ublk server
> > decided to issue multiple FETCH_REQs against the same qid/tag
> > concurrently.
> >
> > Reviewed-by: Ming Lei <ming.lei@redhat.com>
> > Reported-by: Caleb Sander Mateos <csander@purestorage.com>
> > Signed-off-by: Uday Shankar <ushankar@purestorage.com>
>
> Thanks for picking this up. Can you use the following patch instead? It
> has two changes compared to [1]:
>
> - Factor FETCH command into its own function
> - Return -EAGAIN for non-blocking dispatch because we are taking a
> mutex.
>
> [1] https://lore.kernel.org/linux-block/20250410-ublk_task_per_io-v3-1-b811e8f4554a@purestorage.com/
>
> diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c
> index 2fd05c1bd30b..8efb7668ab2c 100644
> --- a/drivers/block/ublk_drv.c
> +++ b/drivers/block/ublk_drv.c
> @@ -1809,8 +1809,8 @@ static void ublk_nosrv_work(struct work_struct *work)
>
> /* device can only be started after all IOs are ready */
> static void ublk_mark_io_ready(struct ublk_device *ub, struct ublk_queue *ubq)
> + __must_hold(&ub->mutex)
> {
> - mutex_lock(&ub->mutex);
> ubq->nr_io_ready++;
> if (ublk_queue_ready(ubq)) {
> ubq->ubq_daemon = current;
> @@ -1822,7 +1822,6 @@ static void ublk_mark_io_ready(struct ublk_device *ub, struct ublk_queue *ubq)
> }
> if (ub->nr_queues_ready == ub->dev_info.nr_hw_queues)
> complete_all(&ub->completion);
> - mutex_unlock(&ub->mutex);
> }
>
> static void ublk_handle_need_get_data(struct ublk_device *ub, int q_id,
> @@ -1906,6 +1905,52 @@ static int ublk_unregister_io_buf(struct io_uring_cmd *cmd,
> return io_buffer_unregister_bvec(cmd, index, issue_flags);
> }
>
> +static int ublk_fetch(struct io_uring_cmd *cmd, struct ublk_device *ub,
> + struct ublk_queue *ubq, struct ublk_io *io,
> + const struct ublksrv_io_cmd *ub_cmd,
> + unsigned int issue_flags)
> +{
> + int ret = 0;
> +
> + if (issue_flags & IO_URING_F_NONBLOCK)
> + return -EAGAIN;
> +
> + mutex_lock(&ub->mutex);
> + /* UBLK_IO_FETCH_REQ is only allowed before queue is setup */
> + if (ublk_queue_ready(ubq)) {
> + ret = -EBUSY;
> + goto out;
> + }
> +
> + /* allow each command to be FETCHed at most once */
> + if (io->flags & UBLK_IO_FLAG_ACTIVE) {
> + ret = -EINVAL;
> + goto out;
> + }
> +
> + WARN_ON_ONCE(io->flags & UBLK_IO_FLAG_OWNED_BY_SRV);
> +
> + if (ublk_need_map_io(ubq)) {
> + /*
> + * FETCH_RQ has to provide IO buffer if NEED GET
> + * DATA is not enabled
> + */
> + if (!ub_cmd->addr && !ublk_need_get_data(ubq))
> + goto out;
> + } else if (ub_cmd->addr) {
> + /* User copy requires addr to be unset */
> + ret = -EINVAL;
> + goto out;
> + }
> +
> + ublk_fill_io_cmd(io, cmd, ub_cmd->addr);
> + ublk_mark_io_ready(ub, ubq);
> +
> +out:
> + mutex_unlock(&ub->mutex);
> + return ret;
> +}
> +
> static int __ublk_ch_uring_cmd(struct io_uring_cmd *cmd,
> unsigned int issue_flags,
> const struct ublksrv_io_cmd *ub_cmd)
> @@ -1962,34 +2007,7 @@ static int __ublk_ch_uring_cmd(struct io_uring_cmd *cmd,
> case UBLK_IO_UNREGISTER_IO_BUF:
> return ublk_unregister_io_buf(cmd, ub_cmd->addr, issue_flags);
> case UBLK_IO_FETCH_REQ:
> - /* UBLK_IO_FETCH_REQ is only allowed before queue is setup */
> - if (ublk_queue_ready(ubq)) {
> - ret = -EBUSY;
> - goto out;
> - }
> - /*
> - * The io is being handled by server, so COMMIT_RQ is expected
> - * instead of FETCH_REQ
> - */
> - if (io->flags & UBLK_IO_FLAG_OWNED_BY_SRV)
> - goto out;
> -
> - if (ublk_need_map_io(ubq)) {
> - /*
> - * FETCH_RQ has to provide IO buffer if NEED GET
> - * DATA is not enabled
> - */
> - if (!ub_cmd->addr && !ublk_need_get_data(ubq))
> - goto out;
> - } else if (ub_cmd->addr) {
> - /* User copy requires addr to be unset */
> - ret = -EINVAL;
> - goto out;
> - }
> -
> - ublk_fill_io_cmd(io, cmd, ub_cmd->addr);
> - ublk_mark_io_ready(ub, ubq);
> - break;
> + return ublk_fetch(cmd, ub, ubq, io, ub_cmd, issue_flags);
One more bug here, this skips the
ublk_prep_cancel(cmd, issue_flags, ubq, tag);
return -EIOCBQUEUED;
that is after the switch statement.
> case UBLK_IO_COMMIT_AND_FETCH_REQ:
> req = blk_mq_tag_to_rq(ub->tag_set.tags[ub_cmd->q_id], tag);
>
>
next prev parent reply other threads:[~2025-04-16 1:04 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-14 11:25 [PATCH 0/9] ublk: simplify & improve IO canceling Ming Lei
2025-04-14 11:25 ` [PATCH 1/9] ublk: don't try to stop disk if ->ub_disk is NULL Ming Lei
2025-04-14 19:44 ` Uday Shankar
2025-04-15 1:32 ` Ming Lei
2025-04-14 11:25 ` [PATCH 2/9] ublk: properly serialize all FETCH_REQs Ming Lei
2025-04-14 19:58 ` Uday Shankar
2025-04-14 20:39 ` Jens Axboe
2025-04-14 20:52 ` Uday Shankar
2025-04-14 21:00 ` Jens Axboe
2025-04-15 1:40 ` Ming Lei
2025-04-16 1:13 ` Ming Lei
2025-04-16 1:17 ` Jens Axboe
2025-04-16 2:04 ` Ming Lei
2025-04-16 1:04 ` Uday Shankar [this message]
2025-04-14 11:25 ` [PATCH 3/9] ublk: add ublk_force_abort_dev() Ming Lei
2025-04-14 20:06 ` Uday Shankar
2025-04-14 11:25 ` [PATCH 4/9] ublk: rely on ->canceling for dealing with ublk_nosrv_dev_should_queue_io Ming Lei
2025-04-14 20:15 ` Uday Shankar
2025-04-15 1:48 ` Ming Lei
2025-04-14 11:25 ` [PATCH 5/9] ublk: move device reset into ublk_ch_release() Ming Lei
2025-04-14 20:29 ` Uday Shankar
2025-04-15 1:50 ` Ming Lei
2025-04-14 11:25 ` [PATCH 6/9] ublk: improve detection and handling of ublk server exit Ming Lei
2025-04-14 20:36 ` Uday Shankar
2025-04-15 1:54 ` Ming Lei
2025-04-14 11:25 ` [PATCH 7/9] ublk: remove __ublk_quiesce_dev() Ming Lei
2025-04-14 20:37 ` Uday Shankar
2025-04-14 11:25 ` [PATCH 8/9] ublk: simplify aborting ublk request Ming Lei
2025-04-14 20:42 ` Uday Shankar
2025-04-14 11:25 ` [PATCH 9/9] selftests: ublk: add generic_06 for covering fault inject Ming Lei
2025-04-14 20:44 ` Uday Shankar
2025-04-15 1:57 ` Ming Lei
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z/8CDUwcKNDRzyOU@dev-ushankar.dev.purestorage.com \
--to=ushankar@purestorage.com \
--cc=axboe@kernel.dk \
--cc=csander@purestorage.com \
--cc=linux-block@vger.kernel.org \
--cc=ming.lei@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.