From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Tejun Heo <tj@kernel.org>,
	Shirish Pargaonkar <spargaonkar@suse.com>,
	Sasha Levin <sasha.levin@oracle.com>,
	Jet Chen <jet.chen@intel.com>, Jens Axboe <axboe@fb.com>
Subject: [PATCH 3.15 14/37] blkcg: dont call into policy draining if root_blkg is already gone
Date: Tue, 29 Jul 2014 18:48:50 -0700
Message-ID: <20140730014828.355141181@linuxfoundation.org>
In-Reply-To: <20140730014827.565626091@linuxfoundation.org>

3.15-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tejun Heo <tj@kernel.org>

commit 0b462c89e31f7eb6789713437eb551833ee16ff3 upstream.

While a queue is being destroyed, all the blkgs are destroyed and its
->root_blkg pointer is set to NULL.  If someone else starts to drain
while the queue is in this state, the following oops happens.

  NULL pointer dereference at 0000000000000028
  IP: [<ffffffff8144e944>] blk_throtl_drain+0x84/0x230
  PGD e4a1067 PUD b773067 PMD 0
  Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
  Modules linked in: cfq_iosched(-) [last unloaded: cfq_iosched]
  CPU: 1 PID: 537 Comm: bash Not tainted 3.16.0-rc3-work+ #2
  Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
  task: ffff88000e222250 ti: ffff88000efd4000 task.ti: ffff88000efd4000
  RIP: 0010:[<ffffffff8144e944>]  [<ffffffff8144e944>] blk_throtl_drain+0x84/0x230
  RSP: 0018:ffff88000efd7bf0  EFLAGS: 00010046
  RAX: 0000000000000000 RBX: ffff880015091450 RCX: 0000000000000001
  RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
  RBP: ffff88000efd7c10 R08: 0000000000000000 R09: 0000000000000001
  R10: ffff88000e222250 R11: 0000000000000000 R12: ffff880015091450
  R13: ffff880015092e00 R14: ffff880015091d70 R15: ffff88001508fc28
  FS:  00007f1332650740(0000) GS:ffff88001fa80000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  CR2: 0000000000000028 CR3: 0000000009446000 CR4: 00000000000006e0
  Stack:
   ffffffff8144e8f6 ffff880015091450 0000000000000000 ffff880015091d80
   ffff88000efd7c28 ffffffff8144ae2f ffff880015091450 ffff88000efd7c58
   ffffffff81427641 ffff880015091450 ffffffff82401f00 ffff880015091450
  Call Trace:
   [<ffffffff8144ae2f>] blkcg_drain_queue+0x1f/0x60
   [<ffffffff81427641>] __blk_drain_queue+0x71/0x180
   [<ffffffff81429b3e>] blk_queue_bypass_start+0x6e/0xb0
   [<ffffffff814498b8>] blkcg_deactivate_policy+0x38/0x120
   [<ffffffff8144ec44>] blk_throtl_exit+0x34/0x50
   [<ffffffff8144aea5>] blkcg_exit_queue+0x35/0x40
   [<ffffffff8142d476>] blk_release_queue+0x26/0xd0
   [<ffffffff81454968>] kobject_cleanup+0x38/0x70
   [<ffffffff81454848>] kobject_put+0x28/0x60
   [<ffffffff81427505>] blk_put_queue+0x15/0x20
   [<ffffffff817d07bb>] scsi_device_dev_release_usercontext+0x16b/0x1c0
   [<ffffffff810bc339>] execute_in_process_context+0x89/0xa0
   [<ffffffff817d064c>] scsi_device_dev_release+0x1c/0x20
   [<ffffffff817930e2>] device_release+0x32/0xa0
   [<ffffffff81454968>] kobject_cleanup+0x38/0x70
   [<ffffffff81454848>] kobject_put+0x28/0x60
   [<ffffffff817934d7>] put_device+0x17/0x20
   [<ffffffff817d11b9>] __scsi_remove_device+0xa9/0xe0
   [<ffffffff817d121b>] scsi_remove_device+0x2b/0x40
   [<ffffffff817d1257>] sdev_store_delete+0x27/0x30
   [<ffffffff81792ca8>] dev_attr_store+0x18/0x30
   [<ffffffff8126f75e>] sysfs_kf_write+0x3e/0x50
   [<ffffffff8126ea87>] kernfs_fop_write+0xe7/0x170
   [<ffffffff811f5e9f>] vfs_write+0xaf/0x1d0
   [<ffffffff811f69bd>] SyS_write+0x4d/0xc0
   [<ffffffff81d24692>] system_call_fastpath+0x16/0x1b

776687bce42b ("block, blk-mq: draining can't be skipped even if
bypass_depth was non-zero") made it easier to trigger this bug by
making blk_queue_bypass_start() drain even when it loses the first
bypass test to blk_cleanup_queue(); however, the bug has always been
there even before the commit as blk_queue_bypass_start() could race
against queue destruction, win the initial bypass test but perform the
actual draining after blk_cleanup_queue() already destroyed all blkgs.

Fix it by skipping calling into policy draining if all the blkgs are
already gone.

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Shirish Pargaonkar <spargaonkar@suse.com>
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Reported-by: Jet Chen <jet.chen@intel.com>
Tested-by: Shirish Pargaonkar <spargaonkar@suse.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 block/blk-cgroup.c |    7 +++++++
 1 file changed, 7 insertions(+)

--- a/block/blk-cgroup.c
+++ b/block/blk-cgroup.c
@@ -872,6 +872,13 @@ void blkcg_drain_queue(struct request_qu
 {
 	lockdep_assert_held(q->queue_lock);
 
+	/*
+	 * @q could be exiting and already have destroyed all blkgs as
+	 * indicated by NULL root_blkg.  If so, don't confuse policies.
+	 */
+	if (!q->root_blkg)
+		return;
+
 	blk_throtl_drain(q);
 }
 
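Review bot: The new !q->root_blkg test in blkcg_drain_queue() is only safe if the teardown path clears root_blkg while holding q->queue_lock, and the added comment does not say so. The lockdep_assert_held(q->queue_lock) directly above covers the reader side, but the store of NULL is outside this hunk, so the locking that makes the check race-free cannot be confirmed from these lines. Consider extending the comment to state that root_blkg is both cleared and tested under queue_lock, and that any policy drain call added later has to stay below this early return, since blk_throtl_drain(q) is the only call it currently protects.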


