From: Ming Lei <ming.lei@redhat.com>
To: Hannes Reinecke <hare@suse.de>
Cc: "Jens Axboe" <axboe@kernel.dk>,
linux-block@vger.kernel.org, "Nilay Shroff" <nilay@linux.ibm.com>,
"Shinichiro Kawasaki" <shinichiro.kawasaki@wdc.com>,
"Thomas Hellström" <thomas.hellstrom@linux.intel.com>,
"Christoph Hellwig" <hch@lst.de>
Subject: Re: [PATCH V4 18/24] block: fail to show/store elevator sysfs attribute if elevator is dying
Date: Wed, 30 Apr 2025 21:30:39 +0800 [thread overview]
Message-ID: <aBIl_-8-JbG7hUJV@fedora> (raw)
In-Reply-To: <c4694029-f8c9-46fd-ba2a-b486a48d615b@suse.de>
On Wed, Apr 30, 2025 at 08:31:01AM +0200, Hannes Reinecke wrote:
> On 4/30/25 06:35, Ming Lei wrote:
> > Prepare for moving elv_register[unregister]_queue out of elevator_lock
> > & queue freezing, so we may have to call elv_unregister_queue() after
> > elevator ->exit() is called, then there is small window for user to
> > call into ->show()/store(), and user-after-free can be caused.
> >
> > Fail to show/store elevator sysfs attribute if elevator is dying by
> > adding one new flag of ELEVATOR_FLAG_DYNG, which is protected by
> > elevator ->sysfs_lock.
> >
> > Reviewed-by: Nilay Shroff <nilay@linux.ibm.com>
> > Signed-off-by: Ming Lei <ming.lei@redhat.com>
> > ---
> > block/blk-mq-sched.c | 1 +
> > block/elevator.c | 10 ++++++----
> > block/elevator.h | 1 +
> > 3 files changed, 8 insertions(+), 4 deletions(-)
> >
> > diff --git a/block/blk-mq-sched.c b/block/blk-mq-sched.c
> > index 336a15ffecfa..55a0fd105147 100644
> > --- a/block/blk-mq-sched.c
> > +++ b/block/blk-mq-sched.c
> > @@ -551,5 +551,6 @@ void blk_mq_exit_sched(struct request_queue *q, struct elevator_queue *e)
> > if (e->type->ops.exit_sched)
> > e->type->ops.exit_sched(e);
> > blk_mq_sched_tags_teardown(q, flags);
> > + set_bit(ELEVATOR_FLAG_DYING, &q->elevator->flags);
> > q->elevator = NULL;
> > }
>
> set_bit() is unordered; don't you need to take ->sysfs_lock here?
Yes.
blk_mq_exit_sched() is called from elevator_exit() with eq->sysfs_lock held.
thanks,
Ming
next prev parent reply other threads:[~2025-04-30 13:31 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-30 4:35 [PATCH V4 00/24] block: unify elevator changing and fix lockdep warning Ming Lei
2025-04-30 4:35 ` [PATCH V4 01/24] block: move blk_mq_add_queue_tag_set() after blk_mq_map_swqueue() Ming Lei
2025-04-30 4:35 ` [PATCH V4 02/24] block: move ELEVATOR_FLAG_DISABLE_WBT a request queue flag Ming Lei
2025-04-30 4:35 ` [PATCH V4 03/24] block: don't call freeze queue in elevator_switch() and elevator_disable() Ming Lei
2025-04-30 4:35 ` [PATCH V4 04/24] block: use q->elevator with ->elevator_lock held in elv_iosched_show() Ming Lei
2025-04-30 4:35 ` [PATCH V4 05/24] block: add two helpers for registering/un-registering sched debugfs Ming Lei
2025-04-30 4:35 ` [PATCH V4 06/24] block: move sched debugfs register into elvevator_register_queue Ming Lei
2025-04-30 4:35 ` [PATCH V4 07/24] block: prevent adding/deleting disk during updating nr_hw_queues Ming Lei
2025-04-30 4:35 ` [PATCH V4 08/24] block: don't allow to switch elevator if updating nr_hw_queues is in-progress Ming Lei
2025-04-30 14:09 ` Christoph Hellwig
2025-04-30 4:35 ` [PATCH V4 09/24] block: look up the elevator type in elevator_switch Ming Lei
2025-04-30 6:14 ` Hannes Reinecke
2025-05-01 6:47 ` Nilay Shroff
2025-04-30 4:35 ` [PATCH V4 10/24] block: fold elevator_disable into elevator_switch Ming Lei
2025-04-30 6:14 ` Hannes Reinecke
2025-05-01 6:59 ` Nilay Shroff
2025-04-30 4:35 ` [PATCH V4 11/24] block: move blk_queue_registered() check into elv_iosched_store() Ming Lei
2025-04-30 6:15 ` Hannes Reinecke
2025-05-01 9:55 ` Nilay Shroff
2025-05-02 12:46 ` Ming Lei
2025-04-30 4:35 ` [PATCH V4 12/24] block: simplify elevator reattachment for updating nr_hw_queues Ming Lei
2025-04-30 4:35 ` [PATCH V4 13/24] block: move queue freezing & elevator_lock into elevator_change() Ming Lei
2025-04-30 14:13 ` Christoph Hellwig
2025-04-30 4:35 ` [PATCH V4 14/24] block: add `struct elv_change_ctx` for unifying elevator change Ming Lei
2025-04-30 14:15 ` Christoph Hellwig
2025-04-30 4:35 ` [PATCH V4 15/24] block: " Ming Lei
2025-04-30 14:17 ` Christoph Hellwig
2025-05-01 10:28 ` Nilay Shroff
2025-04-30 4:35 ` [PATCH V4 16/24] block: pass elevator_queue to elv_register_queue & unregister_queue Ming Lei
2025-04-30 14:18 ` Christoph Hellwig
2025-04-30 4:35 ` [PATCH V4 17/24] block: remove elevator queue's type check in elv_attr_show/store() Ming Lei
2025-04-30 6:16 ` Hannes Reinecke
2025-04-30 14:18 ` Christoph Hellwig
2025-05-01 10:31 ` Nilay Shroff
2025-04-30 4:35 ` [PATCH V4 18/24] block: fail to show/store elevator sysfs attribute if elevator is dying Ming Lei
2025-04-30 6:31 ` Hannes Reinecke
2025-04-30 13:30 ` Ming Lei [this message]
2025-04-30 14:19 ` Christoph Hellwig
2025-04-30 4:35 ` [PATCH V4 19/24] block: add new helper for disabling elevator switch when deleting disk Ming Lei
2025-04-30 6:32 ` Hannes Reinecke
2025-04-30 14:20 ` Christoph Hellwig
2025-04-30 4:35 ` [PATCH V4 20/24] block: move elv_register[unregister]_queue out of elevator_lock Ming Lei
2025-05-01 10:26 ` Nilay Shroff
2025-05-02 12:50 ` Ming Lei
2025-04-30 4:35 ` [PATCH V4 21/24] block: move hctx debugfs/sysfs registering out of freezing queue Ming Lei
2025-04-30 4:35 ` [PATCH V4 22/24] block: don't acquire ->elevator_lock in blk_mq_map_swqueue and blk_mq_realloc_hw_ctxs Ming Lei
2025-04-30 4:35 ` [PATCH V4 23/24] block: move hctx cpuhp add/del out of queue freezing Ming Lei
2025-04-30 4:35 ` [PATCH V4 24/24] block: move wbt_enable_default() out of queue freezing from sched ->exit() Ming Lei
2025-04-30 6:33 ` Hannes Reinecke
2025-04-30 14:08 ` [PATCH V4 00/24] block: unify elevator changing and fix lockdep warning Christoph Hellwig
2025-04-30 14:13 ` Ming Lei
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aBIl_-8-JbG7hUJV@fedora \
--to=ming.lei@redhat.com \
--cc=axboe@kernel.dk \
--cc=hare@suse.de \
--cc=hch@lst.de \
--cc=linux-block@vger.kernel.org \
--cc=nilay@linux.ibm.com \
--cc=shinichiro.kawasaki@wdc.com \
--cc=thomas.hellstrom@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).