From: Andrew Morton <akpm@zip.com.au>
To: Jens Axboe <axboe@suse.de>
Cc: lkml <linux-kernel@vger.kernel.org>
Subject: block completion races
Date: Tue, 15 Jan 2002 17:50:51 -0800 [thread overview]
Message-ID: <3C44DC7B.D960D15D@zip.com.au> (raw)
void end_that_request_last(struct request *req)
{
if (req->waiting != NULL)
complete(req->waiting);
blkdev_release_request(req);
}
I think a bug. Sometimes (eg, cdrom_queue_packet_command())
the request is allocated on a task's kernel stack. As soon as
we call complete(), that task can wake and release the request
while blkdev_release_request() is diddling it on this CPU.
Do you see any problem with releasing the request before running
complete()?. Also I think it's best to uninline blkdev_release_request().
It's 104 bytes long, and we have four copies of it in ll_rw_blk.c. A
patch is here.
Also, there is this code in ide_do_drive_cmd():
if (action == ide_wait) {
wait_for_completion(&wait); /* wait for it to be serviced */
return rq->errors ? -EIO : 0; /* return -EIO if errors */
}
Is it safe to use `rq' here? It has just been recycled in
end_that_request_last() and we don't own it any more.
I think the simplest approach to this one is to make the error
code a part of the completion structure, so:
struct blkdev_completion {
struct completion completion;
int errcode;
};
If you agree, I'll do the patch.
--- linux-2.4.18-pre4/drivers/block/ll_rw_blk.c Tue Jan 15 15:08:24 2002
+++ linux-akpm/drivers/block/ll_rw_blk.c Tue Jan 15 17:39:22 2002
@@ -546,7 +546,7 @@ static inline void add_request(request_q
/*
* Must be called with io_request_lock held and interrupts disabled
*/
-inline void blkdev_release_request(struct request *req)
+void blkdev_release_request(struct request *req)
{
request_queue_t *q = req->q;
int rw = req->cmd;
@@ -1084,10 +1084,11 @@ int end_that_request_first (struct reque
void end_that_request_last(struct request *req)
{
- if (req->waiting != NULL)
- complete(req->waiting);
+ struct completion *waiting = req->waiting;
blkdev_release_request(req);
+ if (waiting != NULL)
+ complete(waiting);
}
#define MB(kb) ((kb) << 10)
next reply other threads:[~2002-01-16 1:56 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-01-16 1:50 Andrew Morton [this message]
2002-01-16 4:11 ` block completion races Andre Hedrick
2002-01-16 7:09 ` Jens Axboe
2002-01-16 7:07 ` Jens Axboe
-- strict thread matches above, loose matches on Subject: below --
2002-01-16 16:55 Manfred Spraul
2002-01-16 18:50 ` Jens Axboe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3C44DC7B.D960D15D@zip.com.au \
--to=akpm@zip.com.au \
--cc=axboe@suse.de \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox