From: Ming Lei <ming.lei@redhat.com>
To: Christoph Hellwig <hch@lst.de>
Cc: Jens Axboe <axboe@kernel.dk>,
linux-block@vger.kernel.org, Tejun Heo <tj@kernel.org>,
Yu Kuai <yukuai3@huawei.com>
Subject: Re: [PATCH 2/3] block: let blkcg_gq grab request queue's refcnt
Date: Tue, 22 Mar 2022 18:23:34 +0800 [thread overview]
Message-ID: <YjmjplwpQpkOlimQ@T590> (raw)
In-Reply-To: <20220322093322.GA27283@lst.de>
On Tue, Mar 22, 2022 at 10:33:22AM +0100, Christoph Hellwig wrote:
> On Fri, Mar 18, 2022 at 09:01:43PM +0800, Ming Lei wrote:
> > In the whole lifetime of blkcg_gq instance, ->q will be referred, such
> > as, ->pd_free_fn() is called in blkg_free, and throtl_pd_free() still
> > may touch the request queue via &tg->service_queue.pending_timer which
> > is handled by throtl_pending_timer_fn(), so it is reasonable to grab
> > request queue's refcnt by blkcg_gq instance.
> >
> > Previously blkcg_exit_queue() is called from blk_release_queue, and it
> > is hard to avoid the use-after-free. But recently commit 1059699f87eb ("block:
> > move blkcg initialization/destroy into disk allocation/release handler")
> > is merged to for-5.18/block, it becomes simple to fix the issue by simply
> > grabbing request queue's refcnt.
> >
> > Reported-by: Christoph Hellwig <hch@lst.de>
> > Signed-off-by: Ming Lei <ming.lei@redhat.com>
> > ---
> > block/blk-cgroup.c | 5 +++++
> > 1 file changed, 5 insertions(+)
> >
> > diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c
> > index fa063c6c0338..d53b0d69dd73 100644
> > --- a/block/blk-cgroup.c
> > +++ b/block/blk-cgroup.c
> > @@ -82,6 +82,8 @@ static void blkg_free(struct blkcg_gq *blkg)
> > if (blkg->pd[i])
> > blkcg_policy[i]->pd_free_fn(blkg->pd[i]);
> >
> > + if (blkg->q)
> > + blk_put_queue(blkg->q);
>
> blkg_free can be called from RCU context, while blk_put_queue must
> not be called from RCU context. This causes regular splats when running
> xfstests like:
Thanks for the report.
One solution is to delay 'blk_put_queue(blkg->q)' and 'kfree(blkg)'
into one work function by reusing blkg->async_bio_work as release_work.
I will prepare one patch for addressing the issue.
Thanks,
Ming
next prev parent reply other threads:[~2022-03-22 10:23 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-18 13:01 [PATCH for-5.18 0/3] block: throttle related fixes Ming Lei
2022-03-18 13:01 ` [PATCH 1/3] block: avoid use-after-free on throttle data Ming Lei
2022-03-18 13:01 ` [PATCH 2/3] block: let blkcg_gq grab request queue's refcnt Ming Lei
2022-03-22 9:33 ` Christoph Hellwig
2022-03-22 10:23 ` Ming Lei [this message]
2022-03-22 16:45 ` Tejun Heo
2022-03-23 0:32 ` Ming Lei
2022-04-20 1:46 ` Williams, Dan J
2022-04-20 2:01 ` yukuai (C)
2022-04-20 2:20 ` Ming Lei
2022-04-20 3:40 ` Dan Williams
2022-03-18 13:01 ` [PATCH 3/3] block: cancel all throttled bios in del_gendisk() Ming Lei
2022-03-18 15:58 ` [PATCH for-5.18 0/3] block: throttle related fixes Jens Axboe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YjmjplwpQpkOlimQ@T590 \
--to=ming.lei@redhat.com \
--cc=axboe@kernel.dk \
--cc=hch@lst.de \
--cc=linux-block@vger.kernel.org \
--cc=tj@kernel.org \
--cc=yukuai3@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.