stable.vger.kernel.org archive mirror
From: Giuliano Procida <gprocida@google.com>
To: greg@kroah.com
Cc: stable@vger.kernel.org, Giuliano Procida <gprocida@google.com>,
	Jianchao Wang <jianchao.w.wang@oracle.com>,
	Ming Lei <ming.lei@redhat.com>, Jens Axboe <axboe@kernel.dk>
Subject: [PATCH 3/4] blk-mq: sync things with blk_mq_queue_tag_busy_iter
Date: Tue,  7 Apr 2020 17:55:38 +0100
Message-ID: <20200407165539.161505-4-gprocida@google.com>
In-Reply-To: <CAGvU0Hn2U88Dy2MEP-ZTNvfrWaKF4XL9EtR+4iF5BZ6_GW3Tvg@mail.gmail.com>

commit f5bbbbe4d63577026f908a809f22f5fd5a90ea1f upstream.

The original commit was intended to prevent concurrent manipulation of
nr_hw_queues and iteration over queues. The former doesn't happen in
this older kernel version. However, the extra locking (which is buggy
as it exists in this commit) may protect against other concurrent
accesses such as queue removal.

The original commit message follows for completeness.

blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter

For blk-mq, part_in_flight/rw will invoke blk_mq_in_flight/rw to
account the inflight requests. It will access the queue_hw_ctx and
nr_hw_queues w/o any protection. When updating nr_hw_queues and
blk_mq_in_flight/rw occur concurrently, panic comes up.

Before update nr_hw_queues, the q will be frozen. So we could use
q_usage_counter to avoid the race. percpu_ref_is_zero is used here
so that we will not miss any in-flight request. The access to
nr_hw_queues and queue_hw_ctx in blk_mq_queue_tag_busy_iter are
under rcu critical section, __blk_mq_update_nr_hw_queues could use
synchronize_rcu to ensure the zeroed q_usage_counter to be globally
visible.

Signed-off-by: Jianchao Wang <jianchao.w.wang@oracle.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Giuliano Procida <gprocida@google.com>
---
 block/blk-mq-tag.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/block/blk-mq-tag.c b/block/blk-mq-tag.c
index a07ca3488d96..bf356de30134 100644
--- a/block/blk-mq-tag.c
+++ b/block/blk-mq-tag.c
@@ -481,6 +481,14 @@ void blk_mq_queue_tag_busy_iter(struct request_queue *q, busy_iter_fn *fn,
 	struct blk_mq_hw_ctx *hctx;
 	int i;
 
+	/*
+	 * Avoid potential races with things like queue removal.
+	 */
+	rcu_read_lock();
+	if (percpu_ref_is_zero(&q->q_usage_counter)) {
+		rcu_read_unlock();
+		return;
+	}
 
 	queue_for_each_hw_ctx(q, hctx, i) {
 		struct blk_mq_tags *tags = hctx->tags;
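Review bot: percpu_ref_is_zero(&q->q_usage_counter) at the top of blk_mq_queue_tag_busy_iter only tests the counter and takes no reference, so the check protects the loop below only if the path that drops q_usage_counter to zero also waits for an RCU grace period before tearing down the hctx state. The upstream message assigns that role to synchronize_rcu in __blk_mq_update_nr_hw_queues, but the diffstat shows this backport touches only block/blk-mq-tag.c and adds no writer-side wait. Suggest naming in the new comment, or in the backport note, which removal path provides the grace period, and spelling out what "buggy as it exists in this commit" refers to so the patch can be judged on its own.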
@@ -497,7 +505,7 @@ void blk_mq_queue_tag_busy_iter(struct request_queue *q, busy_iter_fn *fn,
 		bt_for_each(hctx, &tags->bitmap_tags, tags->nr_reserved_tags, fn, priv,
 		      false);
 	}
-
+	rcu_read_unlock();
 }
 
 static unsigned int bt_unused_tags(struct blk_mq_bitmap_tags *bt)
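Review bot: with rcu_read_unlock() placed after the queue_for_each_hw_ctx loop, every fn invoked through bt_for_each now runs inside an RCU read-side critical section, so callbacks passed to blk_mq_queue_tag_busy_iter must not sleep. Nothing in the hunk or in a function comment states that constraint. Suggest documenting it at the function, or saying in the commit message where in the series it is lifted, if that is the bug the backport note alludes to.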
-- 
2.26.0.292.g33ef6b2f38-goog

