From: Chao Leng <lengchao@huawei.com>
To: Hannes Reinecke <hare@suse.de>, Christoph Hellwig <hch@lst.de>
Cc: <axboe@kernel.dk>, <axboe@fb.com>, <sagi@grimberg.me>,
<linux-nvme@lists.infradead.org>, <linux-block@vger.kernel.org>,
<kbusch@kernel.org>
Subject: Re: [PATCH v3 3/5] nvme-fabrics: avoid double request completion for nvmf_fail_nonready_command
Date: Fri, 22 Jan 2021 09:50:16 +0800 [thread overview]
Message-ID: <3bcd337b-3ab3-03ab-f9e6-a461cd8ee127@huawei.com> (raw)
In-Reply-To: <467a43b0-82cc-69b7-460a-413ddc8cf574@suse.de>
On 2021/1/21 17:27, Hannes Reinecke wrote:
> On 1/21/21 10:00 AM, Christoph Hellwig wrote:
>> On Thu, Jan 21, 2021 at 09:58:37AM +0100, Hannes Reinecke wrote:
>>> On 1/21/21 8:03 AM, Chao Leng wrote:
>>>> When reconnect, the request may be completed with NVME_SC_HOST_PATH_ERROR
>>>> in nvmf_fail_nonready_command. The state of request will be changed to
>>>> MQ_RQ_IN_FLIGHT before call nvme_complete_rq. If free the request
>>>> asynchronously such as in nvme_submit_user_cmd, in extreme scenario
>>>> the request may be completed again in tear down process.
>>>> nvmf_fail_nonready_command do not need calling blk_mq_start_request
>>>> before complete the request. nvmf_fail_nonready_command should set
>>>> the state of request to MQ_RQ_COMPLETE before complete the request.
>>>>
>>>
>>> So what you are saying is that there is a race condition between
>>> blk_mq_start_request()
>>> and
>>> nvme_complete_request()
>>
>> Between those to a teardown that cancels all requests can come in.
>>
> Doesn't nvme_complete_request() insulate against a double completion?
nvme_complete_request can not insulate against double completion.
Setting the state of request to MQ_RQ_COMPLETE avoid double completion.
tear down(nvme_cancel_request) check the state of the request, if the
state is MQ_RQ_COMPLETE, it will skip completion.
> I seem to remember we've gone through great lengths ensuring that.
>
> And if this is just about setting the correct error code on completion I'd really prefer to stick with the current code. Moving that into a helper is fine, but I'd rather not introduce our own code modifying request state.
>
> If there really is a race condition this feels like a more generic problem; calling blk_mq_start_request() followed by blk_mq_end_request() is a quite common pattern, and from my impression the recommended way.
> So if there is an issue it would need to be addressed for all drivers, not just some nvme-specific way.
Currently, it is not safe for nvme. The probability is very low.
I am not sure whether similar occurs in other scenarios.
> Plus I'd like to have Jens' opinion here.
>
> Cheers,
>
> Hannes
WARNING: multiple messages have this Message-ID (diff)
From: Chao Leng <lengchao@huawei.com>
To: Hannes Reinecke <hare@suse.de>, Christoph Hellwig <hch@lst.de>
Cc: axboe@kernel.dk, linux-block@vger.kernel.org, sagi@grimberg.me,
linux-nvme@lists.infradead.org, axboe@fb.com, kbusch@kernel.org
Subject: Re: [PATCH v3 3/5] nvme-fabrics: avoid double request completion for nvmf_fail_nonready_command
Date: Fri, 22 Jan 2021 09:50:16 +0800 [thread overview]
Message-ID: <3bcd337b-3ab3-03ab-f9e6-a461cd8ee127@huawei.com> (raw)
In-Reply-To: <467a43b0-82cc-69b7-460a-413ddc8cf574@suse.de>
On 2021/1/21 17:27, Hannes Reinecke wrote:
> On 1/21/21 10:00 AM, Christoph Hellwig wrote:
>> On Thu, Jan 21, 2021 at 09:58:37AM +0100, Hannes Reinecke wrote:
>>> On 1/21/21 8:03 AM, Chao Leng wrote:
>>>> When reconnect, the request may be completed with NVME_SC_HOST_PATH_ERROR
>>>> in nvmf_fail_nonready_command. The state of request will be changed to
>>>> MQ_RQ_IN_FLIGHT before call nvme_complete_rq. If free the request
>>>> asynchronously such as in nvme_submit_user_cmd, in extreme scenario
>>>> the request may be completed again in tear down process.
>>>> nvmf_fail_nonready_command do not need calling blk_mq_start_request
>>>> before complete the request. nvmf_fail_nonready_command should set
>>>> the state of request to MQ_RQ_COMPLETE before complete the request.
>>>>
>>>
>>> So what you are saying is that there is a race condition between
>>> blk_mq_start_request()
>>> and
>>> nvme_complete_request()
>>
>> Between those to a teardown that cancels all requests can come in.
>>
> Doesn't nvme_complete_request() insulate against a double completion?
nvme_complete_request can not insulate against double completion.
Setting the state of request to MQ_RQ_COMPLETE avoid double completion.
tear down(nvme_cancel_request) check the state of the request, if the
state is MQ_RQ_COMPLETE, it will skip completion.
> I seem to remember we've gone through great lengths ensuring that.
>
> And if this is just about setting the correct error code on completion I'd really prefer to stick with the current code. Moving that into a helper is fine, but I'd rather not introduce our own code modifying request state.
>
> If there really is a race condition this feels like a more generic problem; calling blk_mq_start_request() followed by blk_mq_end_request() is a quite common pattern, and from my impression the recommended way.
> So if there is an issue it would need to be addressed for all drivers, not just some nvme-specific way.
Currently, it is not safe for nvme. The probability is very low.
I am not sure whether similar occurs in other scenarios.
> Plus I'd like to have Jens' opinion here.
>
> Cheers,
>
> Hannes
_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme
next prev parent reply other threads:[~2021-01-22 1:51 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-21 7:03 [PATCH v3 0/5] avoid double request completion and IO error Chao Leng
2021-01-21 7:03 ` Chao Leng
2021-01-21 7:03 ` [PATCH v3 1/5] blk-mq: introduce blk_mq_set_request_complete Chao Leng
2021-01-21 7:03 ` Chao Leng
2021-01-21 8:40 ` Christoph Hellwig
2021-01-21 8:40 ` Christoph Hellwig
2021-01-22 1:46 ` Chao Leng
2021-01-22 1:46 ` Chao Leng
2021-01-21 7:03 ` [PATCH v3 2/5] nvme-core: introduce complete failed request Chao Leng
2021-01-21 7:03 ` Chao Leng
2021-01-21 8:41 ` Christoph Hellwig
2021-01-21 8:41 ` Christoph Hellwig
2021-01-22 1:46 ` Chao Leng
2021-01-22 1:46 ` Chao Leng
2021-01-21 7:03 ` [PATCH v3 3/5] nvme-fabrics: avoid double request completion for nvmf_fail_nonready_command Chao Leng
2021-01-21 7:03 ` Chao Leng
2021-01-21 8:58 ` Hannes Reinecke
2021-01-21 8:58 ` Hannes Reinecke
2021-01-21 9:00 ` Christoph Hellwig
2021-01-21 9:00 ` Christoph Hellwig
2021-01-21 9:27 ` Hannes Reinecke
2021-01-21 9:27 ` Hannes Reinecke
2021-01-22 1:50 ` Chao Leng [this message]
2021-01-22 1:50 ` Chao Leng
2021-01-22 1:48 ` Chao Leng
2021-01-22 1:48 ` Chao Leng
2021-01-21 7:03 ` [PATCH v3 4/5] nvme-rdma: avoid IO error for nvme native multipath Chao Leng
2021-01-21 7:03 ` Chao Leng
2021-01-21 7:03 ` [PATCH v3 5/5] nvme-fc: " Chao Leng
2021-01-21 7:03 ` Chao Leng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3bcd337b-3ab3-03ab-f9e6-a461cd8ee127@huawei.com \
--to=lengchao@huawei.com \
--cc=axboe@fb.com \
--cc=axboe@kernel.dk \
--cc=hare@suse.de \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=linux-block@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.