From: Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
To: Vivek Goyal <vgoyal-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: Joe Lawrence
<joe.lawrence-7+ureL1bLXNBDgjK7y7TUQ@public.gmane.org>,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Cgroups <cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: docker crashes rcuos in __blkg_release_rcu
Date: Thu, 19 Jun 2014 16:26:40 -0400 [thread overview]
Message-ID: <20140619202640.GA9814@mtj.dyndns.org> (raw)
In-Reply-To: <20140611163229.GA12974-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Sorry about the late reply.
On Wed, Jun 11, 2014 at 12:32:29PM -0400, Vivek Goyal wrote:
> Tejun, any thoughts on how to solve this issue. Delaying blkg release
> in rcu context and then expecting queue to be still present is causing
> this problem.
Heh, this is hilarious. If you look at the comment right above
__blkg_release_rcu(), it says
* A group is RCU protected, but having an rcu lock does not mean that one
* can access all the fields of blkg and assume these are valid. For
* example, don't try to follow throtl_data and request queue links.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
And yet the code brazenly derefs the ->q link to access the lock there
and causes oops. This is from 2a4fd070ee85 ("blkcg: move bulk of
blkcg_gq release operations to the RCU callback"). I stupidly didn't
realize what I was doing even while moving the comment itself.
Well, the obvious solution is making blkg ref an atomic. I was
planning to convert it to percpu_ref anyway. We can first convert it
to atomic_t for -stable and then to percpu_ref. Will prep a patch.
Thanks for tracking it down!
--
tejun
next prev parent reply other threads:[~2014-06-19 20:26 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <alpine.DEB.2.02.1406081816540.17948@jlaw-desktop.mno.stratus.com>
[not found] ` <20140609174708.GA31499@redhat.com>
[not found] ` <20140609182728.GB31499@redhat.com>
[not found] ` <20140610143906.0d2f35d0@jlaw-desktop.mno.stratus.com>
[not found] ` <20140610143906.0d2f35d0-ceYW5R1vr2hcrvxNGtJwk767FWEIOpWeVpNB7YpNyf8@public.gmane.org>
2014-06-11 16:32 ` docker crashes rcuos in __blkg_release_rcu Vivek Goyal
[not found] ` <20140611163229.GA12974-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2014-06-19 20:26 ` Tejun Heo [this message]
[not found] ` <20140619202640.GA9814-9pTldWuhBndy/B6EtB590w@public.gmane.org>
2014-06-19 21:42 ` [PATCH block/for-linus] blkcg: fix use-after-free in __blkg_release_rcu() by making blkcg_gq refcnt an atomic_t Tejun Heo
[not found] ` <20140619214257.GE9814-9pTldWuhBndy/B6EtB590w@public.gmane.org>
2014-06-20 14:39 ` Vivek Goyal
[not found] ` <20140620143901.GC7354-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2014-06-20 18:50 ` Jens Axboe
2014-06-20 18:50 ` Joe Lawrence
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140619202640.GA9814@mtj.dyndns.org \
--to=tj-dgejt+ai2ygdnm+yrofe0a@public.gmane.org \
--cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=joe.lawrence-7+ureL1bLXNBDgjK7y7TUQ@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=vgoyal-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).