From: Chao Leng <lengchao@huawei.com>
To: Ming Lei <ming.lei@redhat.com>, Sagi Grimberg <sagi@grimberg.me>
Cc: Jens Axboe <axboe@kernel.dk>, Yi Zhang <yi.zhang@redhat.com>,
<linux-nvme@lists.infradead.org>, <linux-block@vger.kernel.org>,
Keith Busch <kbusch@kernel.org>, Christoph Hellwig <hch@lst.de>
Subject: Re: [PATCH] block: re-introduce blk_mq_complete_request_sync
Date: Wed, 14 Oct 2020 17:39:12 +0800 [thread overview]
Message-ID: <f5870b91-28c5-ea99-59df-cdcc8c482011@huawei.com> (raw)
In-Reply-To: <20201014033434.GC775684@T590>
On 2020/10/14 11:34, Ming Lei wrote:
> On Wed, Oct 14, 2020 at 09:08:28AM +0800, Ming Lei wrote:
>> On Tue, Oct 13, 2020 at 03:36:08PM -0700, Sagi Grimberg wrote:
>>>
>>>>>> This may just reduce the probability. The concurrency of timeout
>>>>>> and teardown will cause the same request
>>>>>> be treated repeatly, this is not we expected.
>>>>>
>>>>> That is right, not like SCSI, NVME doesn't apply atomic request
>>>>> completion, so
>>>>> request may be completed/freed from both timeout & nvme_cancel_request().
>>>>>
>>>>> .teardown_lock still may cover the race with Sagi's patch because
>>>>> teardown
>>>>> actually cancels requests in sync style.
>>>> In extreme scenarios, the request may be already retry success(rq state
>>>> change to inflight).
>>>> Timeout processing may wrongly stop the queue and abort the request.
>>>> teardown_lock serialize the process of timeout and teardown, but do not
>>>> avoid the race.
>>>> It might not be safe.
>>>
>>> Not sure I understand the scenario you are describing.
>>>
>>> what do you mean by "In extreme scenarios, the request may be already retry
>>> success(rq state change to inflight)"?
>>>
>>> What will retry the request? only when the host will reconnect
>>> the request will be retried.
>>>
>>> We can call nvme_sync_queues in the last part of the teardown, but
>>> I still don't understand the race here.
>>
>> Not like SCSI, NVME doesn't complete request atomically, so double
>> completion/free can be done from both timeout & nvme_cancel_request()(via teardown).
>>
>> Given request is completed remotely or asynchronously in the two code paths,
>> the teardown_lock can't protect the case.
>
> Thinking of the issue further, the race shouldn't be between timeout and
> teardown.
>
> Both nvme_cancel_request() and nvme_tcp_complete_timed_out() are called
> with .teardown_lock, and both check if the request is completed before
> calling blk_mq_complete_request() which marks the request as COMPLETE state.
> So the request shouldn't be double-freed in the two code paths.
>
> Another possible reason is that between timeout and normal completion(fail
> fast pending requests after ctrl state is updated to CONNECTING).
>
> Yi, can you try the following patch and see if the issue is fixed?
>
> diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c
> index d6a3e1487354..fab9220196bd 100644
> --- a/drivers/nvme/host/tcp.c
> +++ b/drivers/nvme/host/tcp.c
> @@ -1886,7 +1886,6 @@ static int nvme_tcp_configure_admin_queue(struct nvme_ctrl *ctrl, bool new)
> static void nvme_tcp_teardown_admin_queue(struct nvme_ctrl *ctrl,
> bool remove)
> {
> - mutex_lock(&to_tcp_ctrl(ctrl)->teardown_lock);
> blk_mq_quiesce_queue(ctrl->admin_q);
> nvme_tcp_stop_queue(ctrl, 0);
> if (ctrl->admin_tagset) {
> @@ -1897,15 +1896,13 @@ static void nvme_tcp_teardown_admin_queue(struct nvme_ctrl *ctrl,
> if (remove)
> blk_mq_unquiesce_queue(ctrl->admin_q);
> nvme_tcp_destroy_admin_queue(ctrl, remove);
> - mutex_unlock(&to_tcp_ctrl(ctrl)->teardown_lock);
> }
>
> static void nvme_tcp_teardown_io_queues(struct nvme_ctrl *ctrl,
> bool remove)
> {
> - mutex_lock(&to_tcp_ctrl(ctrl)->teardown_lock);
> if (ctrl->queue_count <= 1)
> - goto out;
> + return;
> blk_mq_quiesce_queue(ctrl->admin_q);
> nvme_start_freeze(ctrl);
> nvme_stop_queues(ctrl);
> @@ -1918,8 +1915,6 @@ static void nvme_tcp_teardown_io_queues(struct nvme_ctrl *ctrl,
> if (remove)
> nvme_start_queues(ctrl);
> nvme_tcp_destroy_io_queues(ctrl, remove);
> -out:
> - mutex_unlock(&to_tcp_ctrl(ctrl)->teardown_lock);
> }
>
> static void nvme_tcp_reconnect_or_remove(struct nvme_ctrl *ctrl)
> @@ -2030,11 +2025,11 @@ static void nvme_tcp_error_recovery_work(struct work_struct *work)
> struct nvme_ctrl *ctrl = &tcp_ctrl->ctrl;
>
> nvme_stop_keep_alive(ctrl);
> +
> + mutex_lock(&tcp_ctrl->teardown_lock);
> nvme_tcp_teardown_io_queues(ctrl, false);
> - /* unquiesce to fail fast pending requests */
> - nvme_start_queues(ctrl);
> nvme_tcp_teardown_admin_queue(ctrl, false);
> - blk_mq_unquiesce_queue(ctrl->admin_q);
Delete blk_mq_unquiesce_queue will cause a bug which may cause reconnect failed.
Delete nvme_start_queues may cause another bug.
> + mutex_unlock(&tcp_ctrl->teardown_lock);
>
> if (!nvme_change_ctrl_state(ctrl, NVME_CTRL_CONNECTING)) {
> /* state change failure is ok if we started ctrl delete */
> @@ -2043,6 +2038,9 @@ static void nvme_tcp_error_recovery_work(struct work_struct *work)
> return;
> }
>
> + /* drain pending timeout for avoiding race with normal completion */
> + nvme_sync_queues(ctrl);
> +
> nvme_tcp_reconnect_or_remove(ctrl);
> }
>
> @@ -2051,6 +2049,7 @@ static void nvme_tcp_teardown_ctrl(struct nvme_ctrl *ctrl, bool shutdown)
> cancel_work_sync(&to_tcp_ctrl(ctrl)->err_work);
> cancel_delayed_work_sync(&to_tcp_ctrl(ctrl)->connect_work);
>
> + mutex_lock(&to_tcp_ctrl(ctrl)->teardown_lock);
> nvme_tcp_teardown_io_queues(ctrl, shutdown);
> blk_mq_quiesce_queue(ctrl->admin_q);
> if (shutdown)
> @@ -2058,6 +2057,7 @@ static void nvme_tcp_teardown_ctrl(struct nvme_ctrl *ctrl, bool shutdown)
> else
> nvme_disable_ctrl(ctrl);
> nvme_tcp_teardown_admin_queue(ctrl, shutdown);
> + mutex_unlock(&to_tcp_ctrl(ctrl)->teardown_lock);
> }
>
> static void nvme_tcp_delete_ctrl(struct nvme_ctrl *ctrl)
> @@ -2080,6 +2080,9 @@ static void nvme_reset_ctrl_work(struct work_struct *work)
> return;
> }
>
> + /* drain pending timeout for avoiding race with normal completion */
> + nvme_sync_queues(ctrl);
> +
> if (nvme_tcp_setup_ctrl(ctrl, false))
> goto out_fail;
>
>
> Thanks,
> Ming
>
> .
>
next prev parent reply other threads:[~2020-10-14 9:39 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-08 21:37 [PATCH] block: re-introduce blk_mq_complete_request_sync Sagi Grimberg
2020-10-09 4:39 ` Ming Lei
2020-10-09 5:03 ` Yi Zhang
2020-10-09 8:09 ` Sagi Grimberg
2020-10-09 13:55 ` Yi Zhang
2020-10-09 18:29 ` Sagi Grimberg
2020-10-10 6:08 ` Yi Zhang
2020-10-12 3:59 ` Chao Leng
2020-10-12 8:13 ` Ming Lei
2020-10-12 9:06 ` Chao Leng
2020-10-13 22:36 ` Sagi Grimberg
2020-10-14 1:08 ` Ming Lei
2020-10-14 1:37 ` Chao Leng
2020-10-14 2:02 ` Ming Lei
2020-10-14 2:32 ` Chao Leng
2020-10-14 2:41 ` Chao Leng
2020-10-14 3:34 ` Ming Lei
2020-10-14 9:39 ` Chao Leng [this message]
2020-10-14 9:56 ` Ming Lei
2020-10-15 6:05 ` Chao Leng
2020-10-15 7:50 ` Ming Lei
2020-10-15 10:05 ` Chao Leng
2020-10-14 1:32 ` Chao Leng
2020-10-13 22:31 ` Sagi Grimberg
2020-10-14 1:25 ` Chao Leng
2020-10-09 8:11 ` Sagi Grimberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f5870b91-28c5-ea99-59df-cdcc8c482011@huawei.com \
--to=lengchao@huawei.com \
--cc=axboe@kernel.dk \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=linux-block@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=ming.lei@redhat.com \
--cc=sagi@grimberg.me \
--cc=yi.zhang@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).