From: Tejun Heo <htejun@gmail.com>
To: Jens Axboe <axboe@suse.de>
Cc: torvalds@osdl.org, acme@mandriva.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] blk: fix dangling pointer access in __elv_add_request
Date: Tue, 01 Nov 2005 19:13:16 +0900 [thread overview]
Message-ID: <43673FBC.3070403@gmail.com> (raw)
In-Reply-To: <20051101090857.GC26049@suse.de>
Jens Axboe wrote:
> On Tue, Nov 01 2005, Tejun Heo wrote:
>
>>cfq's add_req_fn callback may invoke q->request_fn directly and
>>depending on low-level driver used and timing, a queued request may be
>>finished & deallocated before add_req_fn callback returns. So,
>>__elv_add_request must not access rq after it's passed to add_req_fn
>>callback.
>
>
> It's a generel problem, you may get the queue run at any time regardless
> of what the io scheduler is doing. CFQ does run the queue manully
> sometimes, but SCSI may do the very same thing for you as well. Given
> that SCSI also shortly reenables interrupts in the ->request_fn()
> handling, it's quite possible for the request to be completed.
>
> So, as we don't hold a reference to the request, I'd say your patch
> looks correct and should be applied right away.
>
>
>>Jens, does generalizing queue kicking functions and disallowing
>>ioscheds from directly calling q->request_fn sound like a good idea?
>
>
> Yes certainly.
>
The thing is that we are holding queue_lock before calling add_req_fn
callback and also after it finishes giving it an appearance of
atomicity. I think q->request_fn semantics is peculiar and a bit prone
to bug, so it might be better to make ioscheds always use generic queue
kicking function which always uses work queue to run q->request_fn so
that we don't have queue_lock releasing and regrabbing inbetween. Do
you think there can be any noticieable performance issues?
Hmmmm... One more thing about q->request_fn's locking behavior is that,
as I noted while posting the ordered patchset, for SCSI, the behavior
can reorder issued requests making it impossible to use ordered tags for
flushing. I'm thinking of submitting a patch to make scsi request_fn
atomic w.r.t. queue_lock, but there might be some performance issues I'm
not aware of. Functions which release and regrab locks underneath the
caller are just... hard. :-p
Thanks.
--
tejun
next prev parent reply other threads:[~2005-11-01 10:13 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-11-01 8:23 [PATCH] blk: fix dangling pointer access in __elv_add_request Tejun Heo
2005-11-01 9:08 ` Jens Axboe
2005-11-01 10:13 ` Tejun Heo [this message]
2005-11-01 12:15 ` Jens Axboe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43673FBC.3070403@gmail.com \
--to=htejun@gmail.com \
--cc=acme@mandriva.com \
--cc=axboe@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox