From: Nilay Shroff <nilay@linux.ibm.com>
To: Zheng Qixing <zhengqixing@huaweicloud.com>,
Greg KH <gregkh@linuxfoundation.org>
Cc: cve@kernel.org, linux-kernel@vger.kernel.org, yukuai@fnnas.com,
ming.lei@redhat.com, "zhangyi (F)" <yi.zhang@huawei.com>,
yangerkun <yangerkun@huawei.com>, Hou Tao <houtao1@huawei.com>
Subject: Re: CVE-2025-40146: blk-mq: fix potential deadlock while nr_requests grown
Date: Fri, 28 Nov 2025 10:50:47 +0530 [thread overview]
Message-ID: <813a7d60-6211-4048-9267-ec4bd4a75f73@linux.ibm.com> (raw)
In-Reply-To: <82df4ae1-2940-4214-b46e-a2f8242b3582@huaweicloud.com>
On 11/28/25 6:45 AM, Zheng Qixing wrote:
>
> 在 2025/11/27 21:39, Greg KH 写道:
>> On Thu, Nov 27, 2025 at 09:22:42PM +0800, Zheng Qixing wrote:
>>> Hi,
>>>
>>> Commit b86433721f46 ("blk-mq: fix potential deadlock while nr_requests
>>> grown") aims to avoid a deadlock issue when the queue is frozen and memory
>>> reclaim is triggered.
>>>
>>> However, the sysfs nr_requests update path is already under a
>>> memalloc_noio_save() region while the queue is frozen (via
>>> blk_mq_freeze_queue()).
>> Did the lockdep splat in
>> https://lore.kernel.org/all/0659ea8d-a463-47c8-9180-43c719e106eb@linux.ibm.com/
>> not describe the issue here that the commit is attempting to solve?
>>
>> thanks,
>>
>> greg k-h
>
>
> The deadlock issue described in this link is about elevator switch path, but the patch modifies sysfs nr_requests update path.
>
> I didn't identify any potential deadlock issues on this path. If I misunderstood something, could someone help clarify?
>
>
Let me clarify the confusion here.
The deadlock reported in [1] requires updates across multiple code paths. There are
three distinct paths that need to be fixed to avoid the deadlock. While the report
in [1] only exposed the issue in one of these paths, we already knew that all three
paths needed changes to fully resolve the problem:
1. Elevator change path (via sysfs attribute) that triggers a scheduler tags update
2. Elevator change path triggered by an nr_hw_queues update which also triggers a
scheduler tags update
3. Scheduler tags update triggered through the nr_requests sysfs attribute (please
note when nr_requests grows beyond current queue depth it triggers scheduler
tags update)
The first two code paths were addressed by:
commit f5a6604f7a44 (“block: fix lockdep warning caused by lock dependency in
elv_iosched_store”), and commit 04225d13aef1 (“block: fix potential deadlock while
running nr_hw_queue update”) respectively.
The third code path was fixed by:
commit b86433721f46 (“blk-mq: fix potential deadlock while nr_requests grown”).
Ideally, all of these commits should be referenced as collectively fixing the lockdep
splat reported in [1]. I hope this clarifies the situation. Please let me know if you
have any further questions.
[1] https://lore.kernel.org/all/0659ea8d-a463-47c8-9180-43c719e106eb@linux.ibm.com/
Thanks,
--Nilay
next prev parent reply other threads:[~2025-11-28 5:21 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <2025111256-CVE-2025-40146-b919@gregkh>
2025-11-27 13:22 ` CVE-2025-40146: blk-mq: fix potential deadlock while nr_requests grown Zheng Qixing
2025-11-27 13:39 ` Greg KH
2025-11-28 1:15 ` Zheng Qixing
2025-11-28 5:20 ` Nilay Shroff [this message]
2025-11-28 6:33 ` yangerkun
2025-11-28 7:15 ` Nilay Shroff
2025-11-28 9:44 ` Zheng Qixing
2025-11-29 3:52 ` Zheng Qixing
2025-11-29 4:01 ` Zheng Qixing
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=813a7d60-6211-4048-9267-ec4bd4a75f73@linux.ibm.com \
--to=nilay@linux.ibm.com \
--cc=cve@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=houtao1@huawei.com \
--cc=linux-kernel@vger.kernel.org \
--cc=ming.lei@redhat.com \
--cc=yangerkun@huawei.com \
--cc=yi.zhang@huawei.com \
--cc=yukuai@fnnas.com \
--cc=zhengqixing@huaweicloud.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox