From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from aserp2130.oracle.com ([141.146.126.79]:36476 "EHLO aserp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753325AbeDJOcj (ORCPT ); Tue, 10 Apr 2018 10:32:39 -0400 Subject: Re: [PATCH v4] blk-mq: Fix race conditions in request timeout handling To: Bart Van Assche , "axboe@kernel.dk" Cc: "hch@lst.de" , "tj@kernel.org" , "israelr@mellanox.com" , "linux-block@vger.kernel.org" , "maxg@mellanox.com" , "stable@vger.kernel.org" , "sagi@grimberg.me" References: <20180410013455.7448-1-bart.vanassche@wdc.com> <1131f89179501c54c04d61d81bc46a83ba87df27.camel@wdc.com> From: "jianchao.wang" Message-ID: Date: Tue, 10 Apr 2018 22:32:20 +0800 MIME-Version: 1.0 In-Reply-To: <1131f89179501c54c04d61d81bc46a83ba87df27.camel@wdc.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: stable-owner@vger.kernel.org List-ID: Hi Bart Thanks for your kindly response. On 04/10/2018 09:01 PM, Bart Van Assche wrote: > On Tue, 2018-04-10 at 15:59 +0800, jianchao.wang wrote: >> If yes, how does the timeout handler get the freed request when the tag has been freed ? > > Hello Jianchao, > > Have you noticed that the timeout handler does not check whether or not the request > tag is freed? Additionally, I don't think it would be possible to add such a check > to the timeout code without introducing a new race condition. Doesn't blk_mq_queue_tag_busy_iter only iterate the tags that has been allocated/set ? When the request is freed, the tag will be cleared through blk_mq_put_tag->sbitmap_queue_clear Do I miss something else ? Thanks Jianchao > >