* [PATCH 0/2] block: fixes for always associate blkg
@ 2018-10-20 18:56 Dennis Zhou
2018-10-20 18:56 ` [PATCH 1/2] blkcg: fix edge case for blk_get_rl() under memory pressure Dennis Zhou
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Dennis Zhou @ 2018-10-20 18:56 UTC (permalink / raw)
To: Jens Axboe
Cc: Tejun Heo, Valdis Kletnieks, kernel-team, linux-block,
linux-kernel, Dennis Zhou
Hi everyone,
It was reported in [1] that blk_get_rl() cleanup patch was causing a
null pointer dereference. After some back and forth debugging with
Valdis, it turns out I wasn't properly handling association with
recursive calls to make_request().
Another issue was identified with the blk_get_rl() update as it is
possible under certain circumstances that a blkg cannot be allocated
when called in blk_get_rl(). This could result in the blkcg_root being
returned. However, the blkcg_root is a special case where all blkgs
share the request_queue's request_list.
The original series can be found at [2].
[1] https://lore.kernel.org/lkml/13987.1539646128@turing-police.cc.vt.edu/
[2] https://lore.kernel.org/lkml/20180911184137.35897-1-dennisszhou@gmail.com/
This patchset contains the following 2 patches:
0001-blkcg-fix-edge-case-for-blk_get_rl-under-memory-pres.patch
0002-blkcg-reassociate-bios-when-make_request-is-called-r.patch
0001 addresses an edge case where a blkg cannot be created and can
possibly return a blkg associated with the blkcg_root. 0002 fixes the
stale association when make_request() is called recursively.
This patchset is on top of axboe#for-4.20/block bbc152825afc.
diffstats below:
Dennis Zhou (2):
blkcg: fix edge case for blk_get_rl() under memory pressure
blkcg: reassociate bios when make_request() is called recursively
block/bio.c | 20 ++++++++++++++++++++
block/blk-core.c | 1 +
include/linux/bio.h | 3 +++
include/linux/blk-cgroup.h | 2 +-
4 files changed, 25 insertions(+), 1 deletion(-)
Thanks,
Dennis
^ permalink raw reply [flat|nested] 4+ messages in thread* [PATCH 1/2] blkcg: fix edge case for blk_get_rl() under memory pressure 2018-10-20 18:56 [PATCH 0/2] block: fixes for always associate blkg Dennis Zhou @ 2018-10-20 18:56 ` Dennis Zhou 2018-10-20 18:56 ` [PATCH 2/2] blkcg: reassociate bios when make_request() is called recursively Dennis Zhou 2018-10-20 21:40 ` [PATCH 0/2] block: fixes for always associate blkg Jens Axboe 2 siblings, 0 replies; 4+ messages in thread From: Dennis Zhou @ 2018-10-20 18:56 UTC (permalink / raw) To: Jens Axboe Cc: Tejun Heo, Valdis Kletnieks, kernel-team, linux-block, linux-kernel, Dennis Zhou It is possible for blkg creation to fail when in blk_get_rl(). In this situation, the fallback logic returns the nearest created blkg. There is however special handling for the request_list for the root blkcg. This fixes the missing edge case from the earlier series changing blk_get_rl(). Fixes: e2b0989954ae ("blkcg: cleanup and make blk_get_rl use blkg_lookup_create") Signed-off-by: Dennis Zhou <dennis@kernel.org> --- include/linux/blk-cgroup.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/blk-cgroup.h b/include/linux/blk-cgroup.h index b7fd08013de2..1e76ceebeb5d 100644 --- a/include/linux/blk-cgroup.h +++ b/include/linux/blk-cgroup.h @@ -597,7 +597,7 @@ static inline struct request_list *blk_get_rl(struct request_queue *q, if (unlikely(!blkg)) blkg = __blkg_lookup_create(blkcg, q); - if (!blkg_tryget(blkg)) + if (blkg->blkcg == &blkcg_root || !blkg_tryget(blkg)) goto rl_use_root; rcu_read_unlock(); -- 2.17.1 ^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 2/2] blkcg: reassociate bios when make_request() is called recursively 2018-10-20 18:56 [PATCH 0/2] block: fixes for always associate blkg Dennis Zhou 2018-10-20 18:56 ` [PATCH 1/2] blkcg: fix edge case for blk_get_rl() under memory pressure Dennis Zhou @ 2018-10-20 18:56 ` Dennis Zhou 2018-10-20 21:40 ` [PATCH 0/2] block: fixes for always associate blkg Jens Axboe 2 siblings, 0 replies; 4+ messages in thread From: Dennis Zhou @ 2018-10-20 18:56 UTC (permalink / raw) To: Jens Axboe Cc: Tejun Heo, Valdis Kletnieks, kernel-team, linux-block, linux-kernel, Dennis Zhou When submitting a bio, multiple recursive calls to make_request() may occur. This causes the initial associate done in blkcg_bio_issue_check() to be incorrect and reference the prior request_queue. This introduces a helper to do reassociation when make_request() is recursively called. Fixes: a7b39b4e961c ("blkcg: always associate a bio with a blkg") Reported-by: Valdis Kletnieks <valdis.kletnieks@vt.edu> Signed-off-by: Dennis Zhou <dennis@kernel.org> Tested-by: Valdis Kletnieks <valdis.kletnieks@vt.edu> --- block/bio.c | 20 ++++++++++++++++++++ block/blk-core.c | 1 + include/linux/bio.h | 3 +++ 3 files changed, 24 insertions(+) diff --git a/block/bio.c b/block/bio.c index 17a8b0aa7050..bbfeb4ee2892 100644 --- a/block/bio.c +++ b/block/bio.c @@ -2083,6 +2083,26 @@ int bio_associate_create_blkg(struct request_queue *q, struct bio *bio) return ret; } +/** + * bio_reassociate_blkg - reassociate a bio with a blkg from q + * @q: request_queue where bio is going + * @bio: target bio + * + * When submitting a bio, multiple recursive calls to make_request() may occur. + * This causes the initial associate done in blkcg_bio_issue_check() to be + * incorrect and reference the prior request_queue. This performs reassociation + * when this situation happens. + */ +int bio_reassociate_blkg(struct request_queue *q, struct bio *bio) +{ + if (bio->bi_blkg) { + blkg_put(bio->bi_blkg); + bio->bi_blkg = NULL; + } + + return bio_associate_create_blkg(q, bio); +} + /** * bio_disassociate_task - undo bio_associate_current() * @bio: target bio diff --git a/block/blk-core.c b/block/blk-core.c index cdfabc5646da..3ed60723e242 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -2433,6 +2433,7 @@ blk_qc_t generic_make_request(struct bio *bio) if (q) blk_queue_exit(q); q = bio->bi_disk->queue; + bio_reassociate_blkg(q, bio); flags = 0; if (bio->bi_opf & REQ_NOWAIT) flags = BLK_MQ_REQ_NOWAIT; diff --git a/include/linux/bio.h b/include/linux/bio.h index f447b0ebb288..b47c7f716731 100644 --- a/include/linux/bio.h +++ b/include/linux/bio.h @@ -514,6 +514,7 @@ int bio_associate_blkg(struct bio *bio, struct blkcg_gq *blkg); int bio_associate_blkg_from_css(struct bio *bio, struct cgroup_subsys_state *css); int bio_associate_create_blkg(struct request_queue *q, struct bio *bio); +int bio_reassociate_blkg(struct request_queue *q, struct bio *bio); void bio_disassociate_task(struct bio *bio); void bio_clone_blkg_association(struct bio *dst, struct bio *src); #else /* CONFIG_BLK_CGROUP */ @@ -522,6 +523,8 @@ static inline int bio_associate_blkg_from_css(struct bio *bio, { return 0; } static inline int bio_associate_create_blkg(struct request_queue *q, struct bio *bio) { return 0; } +static inline int bio_reassociate_blkg(struct request_queue *q, struct bio *bio) +{ return 0; } static inline void bio_disassociate_task(struct bio *bio) { } static inline void bio_clone_blkg_association(struct bio *dst, struct bio *src) { } -- 2.17.1 ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 0/2] block: fixes for always associate blkg 2018-10-20 18:56 [PATCH 0/2] block: fixes for always associate blkg Dennis Zhou 2018-10-20 18:56 ` [PATCH 1/2] blkcg: fix edge case for blk_get_rl() under memory pressure Dennis Zhou 2018-10-20 18:56 ` [PATCH 2/2] blkcg: reassociate bios when make_request() is called recursively Dennis Zhou @ 2018-10-20 21:40 ` Jens Axboe 2 siblings, 0 replies; 4+ messages in thread From: Jens Axboe @ 2018-10-20 21:40 UTC (permalink / raw) To: Dennis Zhou Cc: Tejun Heo, Valdis Kletnieks, kernel-team, linux-block, linux-kernel On 10/20/18 12:56 PM, Dennis Zhou wrote: > Hi everyone, > > It was reported in [1] that blk_get_rl() cleanup patch was causing a > null pointer dereference. After some back and forth debugging with > Valdis, it turns out I wasn't properly handling association with > recursive calls to make_request(). > > Another issue was identified with the blk_get_rl() update as it is > possible under certain circumstances that a blkg cannot be allocated > when called in blk_get_rl(). This could result in the blkcg_root being > returned. However, the blkcg_root is a special case where all blkgs > share the request_queue's request_list. > > The original series can be found at [2]. > > [1] https://lore.kernel.org/lkml/13987.1539646128@turing-police.cc.vt.edu/ > [2] https://lore.kernel.org/lkml/20180911184137.35897-1-dennisszhou@gmail.com/ > > This patchset contains the following 2 patches: > 0001-blkcg-fix-edge-case-for-blk_get_rl-under-memory-pres.patch > 0002-blkcg-reassociate-bios-when-make_request-is-called-r.patch > > 0001 addresses an edge case where a blkg cannot be created and can > possibly return a blkg associated with the blkcg_root. 0002 fixes the > stale association when make_request() is called recursively. Thanks Dennis, applied. -- Jens Axboe ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, back to index Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2018-10-20 18:56 [PATCH 0/2] block: fixes for always associate blkg Dennis Zhou 2018-10-20 18:56 ` [PATCH 1/2] blkcg: fix edge case for blk_get_rl() under memory pressure Dennis Zhou 2018-10-20 18:56 ` [PATCH 2/2] blkcg: reassociate bios when make_request() is called recursively Dennis Zhou 2018-10-20 21:40 ` [PATCH 0/2] block: fixes for always associate blkg Jens Axboe
LKML Archive on lore.kernel.org Archives are clonable: git clone --mirror https://lore.kernel.org/lkml/0 lkml/git/0.git git clone --mirror https://lore.kernel.org/lkml/1 lkml/git/1.git git clone --mirror https://lore.kernel.org/lkml/2 lkml/git/2.git git clone --mirror https://lore.kernel.org/lkml/3 lkml/git/3.git git clone --mirror https://lore.kernel.org/lkml/4 lkml/git/4.git git clone --mirror https://lore.kernel.org/lkml/5 lkml/git/5.git git clone --mirror https://lore.kernel.org/lkml/6 lkml/git/6.git git clone --mirror https://lore.kernel.org/lkml/7 lkml/git/7.git git clone --mirror https://lore.kernel.org/lkml/8 lkml/git/8.git git clone --mirror https://lore.kernel.org/lkml/9 lkml/git/9.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 lkml lkml/ https://lore.kernel.org/lkml \ linux-kernel@vger.kernel.org public-inbox-index lkml Example config snippet for mirrors Newsgroup available over NNTP: nntp://nntp.lore.kernel.org/org.kernel.vger.linux-kernel AGPL code for this site: git clone https://public-inbox.org/public-inbox.git