From: Tejun Heo <tj@kernel.org>
To: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Jens Axboe <axboe@kernel.dk>,
xuejiufei <jiufei.xue@linux.alibaba.com>,
Caspar Zhang <caspar@linux.alibaba.com>,
linux-block <linux-block@vger.kernel.org>,
cgroups@vger.kernel.org
Subject: Re: [PATCH v2] blk-throttle: fix race between blkcg_bio_issue_check and cgroup_rmdir
Date: Wed, 7 Feb 2018 13:38:11 -0800 [thread overview]
Message-ID: <20180207213811.GF695913@devbig577.frc2.facebook.com> (raw)
In-Reply-To: <6f136c90-faa9-4bc0-b02f-3a112b4d8360@linux.alibaba.com>
Hello, Joseph.
On Wed, Feb 07, 2018 at 04:40:02PM +0800, Joseph Qi wrote:
> writeback kworker
> blkcg_bio_issue_check
> rcu_read_lock
> blkg_lookup
> <<< *race window*
> blk_throtl_bio
> spin_lock_irq(q->queue_lock)
> spin_unlock_irq(q->queue_lock)
> rcu_read_unlock
>
> cgroup_rmdir
> cgroup_destroy_locked
> kill_css
> css_killed_ref_fn
> css_killed_work_fn
> offline_css
> blkcg_css_offline
> spin_trylock(q->queue_lock)
> blkg_destroy
> spin_unlock(q->queue_lock)
Ah, right. Thanks for spotting the bug.
> Since rcu can only prevent blkg from releasing when it is being used,
> the blkg->refcnt can be decreased to 0 during blkg_destroy and schedule
> blkg release.
> Then trying to blkg_get in blk_throtl_bio will complains the WARNING.
> And then the corresponding blkg_put will schedule blkg release again,
> which result in double free.
> This race is introduced by commit ae1188963611 ("blkcg: consolidate blkg
> creation in blkcg_bio_issue_check()"). Before this commit, it will lookup
> first and then try to lookup/create again with queue_lock. So revive
> this logic to fix the race.
The change seems a bit drastic to me. Can't we do something like the
following instead?
blk_throtl_bio()
{
... non throttled cases ...
/* out-of-limit, queue to @tg */
/*
* We can look up and retry but the race window is tiny here.
* Just letting it through should be good enough.
*/
if (!css_tryget(blkcg->css))
goto out;
... actual queueing ...
css_put(blkcg->css);
...
}
Thanks.
--
tejun
next prev parent reply other threads:[~2018-02-07 21:38 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-07 8:40 [PATCH v2] blk-throttle: fix race between blkcg_bio_issue_check and cgroup_rmdir Joseph Qi
2018-02-07 21:38 ` Tejun Heo [this message]
2018-02-08 2:29 ` Joseph Qi
2018-02-08 15:23 ` Tejun Heo
2018-02-09 2:15 ` Joseph Qi
2018-02-12 17:11 ` Tejun Heo
2018-02-22 6:14 ` Joseph Qi
2018-02-22 15:18 ` Tejun Heo
2018-02-23 1:56 ` xuejiufei
2018-02-23 14:23 ` Tejun Heo
2018-02-24 1:45 ` Joseph Qi
2018-02-27 3:18 ` Joseph Qi
2018-02-27 18:33 ` Tejun Heo
2018-02-28 6:52 ` Joseph Qi
2018-03-04 20:23 ` Tejun Heo
2018-03-05 1:17 ` Joseph Qi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180207213811.GF695913@devbig577.frc2.facebook.com \
--to=tj@kernel.org \
--cc=axboe@kernel.dk \
--cc=caspar@linux.alibaba.com \
--cc=cgroups@vger.kernel.org \
--cc=jiufei.xue@linux.alibaba.com \
--cc=joseph.qi@linux.alibaba.com \
--cc=linux-block@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox