From: Tejun Heo
Subject: Re: [PATCH] block: fix oops with block tag queueing
Date: Thu, 21 May 2009 10:55:45 +0900
Message-ID: <4A14B4A1.5050303@gmail.com>
In-Reply-To: <1242839186.2881.57.camel@localhost.localdomain>
List-Id: linux-scsi@vger.kernel.org
To: James Bottomley
Cc: Jens Axboe, linux-scsi

James Bottomley wrote:
> commit e8939a50466fd963eb1ba9118c34b9ffb7ff6aa6
> Author: Tejun Heo
> Date: Fri May 8 11:54:16 2009 +0900
>
> block: implement and enforce request peek/start/fetch
>
> Added a BUG_ON(blk_queued_rq(req)) to the top of blk_finish_req().
> Unfortunately, this checks whether req->queuelist is empty. This list
> is doing double duty both as the queue list and the tag list, so tagged
> requests come in here with this not empty and boom (the tag list is
> emptied by blk_queue_end_tag() lower down).
>
> Fix this by moving the BUG_ON to below the end tag we also seem
> vulnerable to this in blk_requeue_request() as well. I think all uses
> of blk_queued_rq() need auditing because the check is clearly wrong in
> the tagged case.
>
> Signed-off-by: James Bottomley

Oops,

Acked-by: Tejun Heo

There are also some drivers which use queuelist for internal purposes
after dequeueing, which also screws up blk_queued_rq() test in addition
to being questionable practice to begin with. Maybe we would be better
off with a flag?

Thanks.

--
tejun
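
The false positive discussed in this thread, modelled in user space as an added example (not code from the kernel or from either author). `model_rq`, `on_queue`, `tag_list` and the helper names are hypothetical, and the list helpers are simplified stand-ins for the kernel's.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space stand-in for the kernel's struct list_head. */
struct list_head { struct list_head *next, *prev; };
static void INIT_LIST_HEAD(struct list_head *h) { h->next = h->prev = h; }
static bool list_empty(const struct list_head *h) { return h->next == h; }
static void list_add(struct list_head *n, struct list_head *h) {
    n->next = h->next; n->prev = h; h->next->prev = n; h->next = n;
}
static void list_del_init(struct list_head *n) {
    n->prev->next = n->next; n->next->prev = n->prev; INIT_LIST_HEAD(n);
}

/* Hypothetical model request: one list node shared by queue and tag list. */
struct model_rq {
    struct list_head queuelist;
    bool on_queue;  /* assumption: the explicit flag floated in the reply */
};

/* List-based test, as the message describes blk_queued_rq(). */
static bool queued_by_list(const struct model_rq *rq) { return !list_empty(&rq->queuelist); }
/* Flag-based test: unaffected by other users of the queuelist node. */
static bool queued_by_flag(const struct model_rq *rq) { return rq->on_queue; }

/* Walk one tagged request through enqueue, dequeue + tag, end tag.
 * bit0: list test while tagged, bit1: flag test while tagged,
 * bit2: list test after the tag has been ended. */
static int tagged_lifecycle(void) {
    struct list_head queue_head, tag_list;
    struct model_rq rq = { .on_queue = false };
    int result = 0;
    INIT_LIST_HEAD(&queue_head); INIT_LIST_HEAD(&tag_list);
    INIT_LIST_HEAD(&rq.queuelist);

    list_add(&rq.queuelist, &queue_head);  rq.on_queue = true;   /* enqueue */
    list_del_init(&rq.queuelist);          rq.on_queue = false;  /* dequeue */
    list_add(&rq.queuelist, &tag_list);    /* tagging reuses the same node */

    if (queued_by_list(&rq)) result |= 1;  /* a BUG_ON placed here would fire */
    if (queued_by_flag(&rq)) result |= 2;  /* flag correctly says "not queued" */
    list_del_init(&rq.queuelist);          /* ending the tag empties the node */
    if (queued_by_list(&rq)) result |= 4;  /* check after end tag is quiet */
    return result;
}

int main(void) { printf("result mask: %d\n", tagged_lifecycle()); return 0; }
```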