From: kbusch@kernel.org (Keith Busch)
Subject: [PATCH 1/2] nvme: skip namespaces which are about to be removed
Date: Thu, 1 Aug 2019 16:10:31 -0600 [thread overview]
Message-ID: <20190801221031.GH15795@localhost.localdomain> (raw)
In-Reply-To: <8c71f313-4543-f581-af96-84070b8dbe5e@grimberg.me>
On Thu, Aug 01, 2019@02:52:37PM -0700, Sagi Grimberg wrote:
>
> > > nvme_ns_remove() will only remove the namespaces from the list at
> > > the very last step, so we might run into situations where we iterate
> > > over namespaces which are about to be deleted.
> > > To avoid crashes we should be skipping all namespaces with the
> > > NVME_NS_REMOVING flag set.
> >
> > This all looks to be racing with whatever task is going to call
> > nvme_ns_remove().
> >
> > Could we instead move these invalid namespaces off the ctrl->namespaces
> > list prior to calling nvme_ns_remove(), and while holding the write
> > lock? That way nothing can iterate the namespaces that we're deleting.
> > We already do that in some places, so that looks like it may be the safe
> > way to do this.
>
> This is exactly what I proposed in:
> [PATCH rfc 2/2] nvme: fix possible use-after-free condition when controller
> reset is racing namespace scanning
Hm, I had to look up why the list_del is done at then end. It is after
del_gendisk() because that syncs dirty buffers, which means we could have
IO that can timeout. We need the namespaces in the controller list during
removal so that timeout handlers can iterate them for cleanup. Otherwise
you could have some buffered write tasks constantly entering the queue,
preventing namespace removal. The only time should be safe to take the
namespace off list first is if we've set the queue to dying prior to
calling del_gendisk.
next prev parent reply other threads:[~2019-08-01 22:10 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-01 7:16 [PATCH 0/2] skip removed namespaces Hannes Reinecke
2019-08-01 7:16 ` [PATCH 1/2] nvme: skip namespaces which are about to be removed Hannes Reinecke
2019-08-01 18:13 ` Nadolski, Edmund
2019-08-01 18:34 ` Sagi Grimberg
2019-08-01 21:36 ` Keith Busch
2019-08-01 21:52 ` Sagi Grimberg
2019-08-01 22:10 ` Keith Busch [this message]
2019-08-02 20:45 ` Sagi Grimberg
2019-08-01 7:16 ` [PATCH 2/2] nvme: do not remove namespaces during reset Hannes Reinecke
2019-08-01 18:15 ` Nadolski, Edmund
2019-08-01 18:42 ` Sagi Grimberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190801221031.GH15795@localhost.localdomain \
--to=kbusch@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox