From: Ming Lei <ming.lei@redhat.com>
To: Bart Van Assche <bart.vanassche@sandisk.com>
Cc: Jens Axboe <axboe@kernel.dk>,
linux-block@vger.kernel.org, Christoph Hellwig <hch@lst.de>,
Hannes Reinecke <hare@suse.com>, Omar Sandoval <osandov@fb.com>
Subject: Re: [PATCH 4/5] blk-mq-debugfs: Show busy requests
Date: Sat, 27 May 2017 11:16:35 +0800 [thread overview]
Message-ID: <20170527031634.GC20909@ming.t460p> (raw)
In-Reply-To: <20170527005456.GB20421@ming.t460p>
On Sat, May 27, 2017 at 08:54:57AM +0800, Ming Lei wrote:
> On Thu, May 25, 2017 at 04:38:09PM -0700, Bart Van Assche wrote:
> > Requests that got stuck in a block driver are neither on
> > blk_mq_ctx.rq_list nor on any hw dispatch queue. Make these
> > visible in debugfs through the "busy" attribute.
>
> The name of 'busy' isn't very explicit about this case, and I
> guess you mean the requests are dispatched to hardware, so
> 'dispatched' or sort of name may be more accurate.
>
> >
> > Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
> > Cc: Christoph Hellwig <hch@lst.de>
> > Cc: Hannes Reinecke <hare@suse.com>
> > Cc: Omar Sandoval <osandov@fb.com>
> > Cc: Ming Lei <ming.lei@redhat.com>
> > ---
> > block/blk-mq-debugfs.c | 25 +++++++++++++++++++++++++
> > 1 file changed, 25 insertions(+)
> >
> > diff --git a/block/blk-mq-debugfs.c b/block/blk-mq-debugfs.c
> > index 8b06a12c1461..70a2b955afee 100644
> > --- a/block/blk-mq-debugfs.c
> > +++ b/block/blk-mq-debugfs.c
> > @@ -370,6 +370,30 @@ static const struct seq_operations hctx_dispatch_seq_ops = {
> > .show = blk_mq_debugfs_rq_show,
> > };
> >
> > +struct show_busy_ctx {
> > + struct seq_file *m;
> > + struct blk_mq_hw_ctx *hctx;
> > +};
> > +
> > +static void hctx_show_busy(struct request *rq, void *data, bool reserved)
> > +{
> > + const struct show_busy_ctx *ctx = data;
> > +
> > + if (blk_mq_map_queue(rq->q, rq->mq_ctx->cpu) == ctx->hctx &&
> > + test_bit(REQ_ATOM_STARTED, &rq->atomic_flags))
>
> During this small window, the request can be freed and reallocated
> in another I/O path, then use-after-free is caused.
>
> > + blk_mq_debugfs_rq_show(ctx->m, &rq->queuelist);
> > +}
> > +
> > +static int hctx_busy_show(void *data, struct seq_file *m)
> > +{
> > + struct blk_mq_hw_ctx *hctx = data;
> > + struct show_busy_ctx ctx = { .m = m, .hctx = hctx };
> > +
> > + blk_mq_tagset_busy_iter(hctx->queue->tag_set, hctx_show_busy, &ctx);
>
> This way is easy to cause use-after-free, so as a debug function,
> you can't affect the normal function.
>
> But the new fixed blk_mq_quiesce_queue() can be used before calling
> blk_mq_tagset_busy_iter() to avoid the race.
>
> http://marc.info/?l=linux-block&m=149578610419654&w=2
Actually blk_mq_quiesce_queue can make other cancel cases safe because
blk_mark_rq_complete() is used before canceling.
For this case, we can't use blk_mark_rq_complete(), so there can't
be a safe way to touch the request dispatched to hardware.
Given the dispatched request won't be touched by CPU,
and its state shouldn't be changed, I am just wondering what is
the real motivation for this debug interface, could Bart explain
a bit?
Thanks,
Ming
next prev parent reply other threads:[~2017-05-27 3:16 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-25 23:38 [PATCH 0/5] Five blk-mq-debugfs patches Bart Van Assche
2017-05-25 23:38 ` [PATCH 1/5] blk-mq: Only register debugfs attributes for blk-mq queues Bart Van Assche
2017-05-26 0:23 ` Omar Sandoval
2017-05-26 5:56 ` Hannes Reinecke
2017-05-26 13:27 ` Jens Axboe
2017-05-25 23:38 ` [PATCH 2/5] blk-mq-debugfs: Show atomic request flags Bart Van Assche
2017-05-26 5:56 ` Hannes Reinecke
2017-05-25 23:38 ` [PATCH 3/5] blk-mq-debugfs: Show requeue list Bart Van Assche
2017-05-26 5:57 ` Hannes Reinecke
2017-05-25 23:38 ` [PATCH 4/5] blk-mq-debugfs: Show busy requests Bart Van Assche
2017-05-26 13:26 ` Jens Axboe
2017-05-26 21:17 ` Bart Van Assche
2017-05-26 21:20 ` Jens Axboe
2017-05-26 21:21 ` Jens Axboe
2017-05-26 21:22 ` Bart Van Assche
2017-05-26 14:38 ` Hannes Reinecke
2017-05-26 21:27 ` Bart Van Assche
2017-05-26 21:32 ` Jens Axboe
2017-05-27 0:54 ` Ming Lei
2017-05-27 3:16 ` Ming Lei [this message]
2017-05-30 17:29 ` Bart Van Assche
2017-05-30 17:24 ` Bart Van Assche
2017-05-30 17:32 ` Jens Axboe
2017-05-25 23:38 ` [PATCH 5/5] blk-mq-debugfs: Add 'kick' operation Bart Van Assche
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170527031634.GC20909@ming.t460p \
--to=ming.lei@redhat.com \
--cc=axboe@kernel.dk \
--cc=bart.vanassche@sandisk.com \
--cc=hare@suse.com \
--cc=hch@lst.de \
--cc=linux-block@vger.kernel.org \
--cc=osandov@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox