From: Giuliano Procida <gprocida@google.com>
To: greg@kroah.com
Cc: Giuliano Procida <gprocida@google.com>,
stable@vger.kernel.org,
Jianchao Wang <jianchao.w.wang@oracle.com>,
Ming Lei <ming.lei@redhat.com>, Jens Axboe <axboe@kernel.dk>
Subject: [PATCH v2 3/4] blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
Date: Wed, 15 Apr 2020 14:00:16 +0100 [thread overview]
Message-ID: <20200415130017.244979-4-gprocida@google.com> (raw)
In-Reply-To: <CAGvU0Hn2U88Dy2MEP-ZTNvfrWaKF4XL9EtR+4iF5BZ6_GW3Tvg@mail.gmail.com>
commit f5bbbbe4d63577026f908a809f22f5fd5a90ea1f upstream.
For blk-mq, part_in_flight/rw will invoke blk_mq_in_flight/rw to
account the inflight requests. It will access the queue_hw_ctx and
nr_hw_queues w/o any protection. When updating nr_hw_queues and
blk_mq_in_flight/rw occur concurrently, panic comes up.
Before update nr_hw_queues, the q will be frozen. So we could use
q_usage_counter to avoid the race. percpu_ref_is_zero is used here
so that we will not miss any in-flight request. The access to
nr_hw_queues and queue_hw_ctx in blk_mq_queue_tag_busy_iter are
under rcu critical section, __blk_mq_update_nr_hw_queues could use
synchronize_rcu to ensure the zeroed q_usage_counter to be globally
visible.
NOTE: Back-ported to 4.4.y.
The upstream commit was intended to prevent concurrent manipulation of
nr_hw_queues and iteration over queues. The former doesn't happen in
this in 4.4.7 (as __blk_mq_update_nr_hw_queues doesn't exist). The
extra locking is also buggy in this commit but fixed in a follow-up.
It may protect against other concurrent accesses such as queue removal
by synchronising RCU locking around q_usage_counter.
Signed-off-by: Jianchao Wang <jianchao.w.wang@oracle.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Giuliano Procida <gprocida@google.com>
---
block/blk-mq-tag.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/block/blk-mq-tag.c b/block/blk-mq-tag.c
index a07ca3488d96..bf356de30134 100644
--- a/block/blk-mq-tag.c
+++ b/block/blk-mq-tag.c
@@ -481,6 +481,14 @@ void blk_mq_queue_tag_busy_iter(struct request_queue *q, busy_iter_fn *fn,
struct blk_mq_hw_ctx *hctx;
int i;
+ /*
+ * Avoid potential races with things like queue removal.
+ */
+ rcu_read_lock();
+ if (percpu_ref_is_zero(&q->q_usage_counter)) {
+ rcu_read_unlock();
+ return;
+ }
queue_for_each_hw_ctx(q, hctx, i) {
struct blk_mq_tags *tags = hctx->tags;
@@ -497,7 +505,7 @@ void blk_mq_queue_tag_busy_iter(struct request_queue *q, busy_iter_fn *fn,
bt_for_each(hctx, &tags->bitmap_tags, tags->nr_reserved_tags, fn, priv,
false);
}
-
+ rcu_read_unlock();
}
static unsigned int bt_unused_tags(struct blk_mq_bitmap_tags *bt)
--
2.26.0.110.g2183baf09c-goog
next prev parent reply other threads:[~2020-04-15 13:00 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-01 17:47 backport request for use-after-free blk_mq_queue_tag_busy_iter Giuliano Procida
2020-04-01 17:55 ` Greg KH
2020-04-03 9:20 ` Greg KH
2020-04-03 22:30 ` Giuliano Procida
2020-04-07 16:31 ` Giuliano Procida
2020-04-07 16:55 ` [PATCH 0/4] " Giuliano Procida
2020-04-10 9:04 ` Greg KH
2020-04-07 16:55 ` [PATCH 1/4] block: more locking around delayed work Giuliano Procida
2020-04-10 9:03 ` Greg KH
2020-04-15 12:03 ` Giuliano Procida
2020-04-07 16:55 ` [PATCH 2/4] blk-mq: Allow timeouts to run while queue is freezing Giuliano Procida
2020-04-07 16:55 ` [PATCH 3/4] blk-mq: sync things with blk_mq_queue_tag_busy_iter Giuliano Procida
2020-04-07 16:55 ` [PATCH 4/4] blk-mq: Allow blocking queue tag iter callbacks Giuliano Procida
2020-04-07 21:02 ` backport request for use-after-free blk_mq_queue_tag_busy_iter Giuliano Procida
2020-04-15 13:00 ` [PATCH v2 0/4] " Giuliano Procida
2020-05-18 7:27 ` Greg KH
2020-04-15 13:00 ` [PATCH v2 1/4] block: more locking around delayed work Giuliano Procida
2020-04-15 13:00 ` [PATCH v2 2/4] blk-mq: Allow timeouts to run while queue is freezing Giuliano Procida
2020-04-15 13:00 ` Giuliano Procida [this message]
2020-04-15 13:00 ` [PATCH v2 4/4] blk-mq: Allow blocking queue tag iter callbacks Giuliano Procida
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200415130017.244979-4-gprocida@google.com \
--to=gprocida@google.com \
--cc=axboe@kernel.dk \
--cc=greg@kroah.com \
--cc=jianchao.w.wang@oracle.com \
--cc=ming.lei@redhat.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).