From: Ming Lei <ming.lei@redhat.com>
To: Jens Axboe <axboe@kernel.dk>
Cc: linux-block@vger.kernel.org, Hannes Reinecke <hare@suse.com>,
Keith Busch <keith.busch@intel.com>,
linux-nvme@lists.infradead.org, Sagi Grimberg <sagi@grimberg.me>,
Ming Lei <ming.lei@redhat.com>,
Dongli Zhang <dongli.zhang@oracle.com>,
James Smart <james.smart@broadcom.com>,
Bart Van Assche <bart.vanassche@wdc.com>,
linux-scsi@vger.kernel.org,
"Martin K . Petersen" <martin.petersen@oracle.com>,
Christoph Hellwig <hch@lst.de>,
"James E . J . Bottomley" <jejb@linux.vnet.ibm.com>,
jianchao wang <jianchao.w.wang@oracle.com>
Subject: [PATCH V6 0/9] blk-mq: fix races related with freeing queue
Date: Wed, 17 Apr 2019 11:44:01 +0800 [thread overview]
Message-ID: <20190417034410.31957-1-ming.lei@redhat.com> (raw)
Hi,
Since 45a9c9d909b2 ("blk-mq: Fix a use-after-free"), run queue isn't
allowed during cleanup queue even though queue refcount is held.
This change has caused lots of kernel oops triggered in run queue path,
turns out it isn't easy to fix them all.
So move freeing of hw queue resources into hctx's release handler, then
the above issue is fixed. Meantime, this way is safe given freeing hw
queue resource doesn't require tags.
V3 covers more races.
V6:
- remove previous SCSI patch which will be routed via SCSI tree
- add reviewed-by tag
- fix one related NVMe scan vs reset race
V5:
- refactor blk_mq_alloc_and_init_hctx()
- fix race related updating nr_hw_queues by always freeing hctx
after request queue is released
V4:
- add patch for fixing potential use-after-free in blk_mq_update_nr_hw_queues
- fix comment in the last patch
V3:
- cancel q->requeue_work in queue's release handler
- cancel hctx->run_work in hctx's release handler
- add patch 1 for fixing race in plug code path
- the last patch is added for avoiding to grab SCSI's refcont
in IO path
V2:
- moving freeing hw queue resources into hctx's release handler
Ming Lei (9):
blk-mq: grab .q_usage_counter when queuing request from plug code path
blk-mq: move cancel of requeue_work into blk_mq_release
blk-mq: free hw queue's resource in hctx's release handler
blk-mq: move all hctx alloction & initialization into
__blk_mq_alloc_and_init_hctx
blk-mq: split blk_mq_alloc_and_init_hctx into two parts
blk-mq: always free hctx after request queue is freed
blk-mq: move cancel of hctx->run_work into blk_mq_hw_sysfs_release
block: don't drain in-progress dispatch in blk_cleanup_queue()
nvme: hold request queue's refcount in ns's whole lifetime
block/blk-core.c | 23 +-----
block/blk-mq-sysfs.c | 8 ++
block/blk-mq.c | 195 ++++++++++++++++++++++++++++-------------------
block/blk-mq.h | 2 +-
drivers/nvme/host/core.c | 10 ++-
include/linux/blk-mq.h | 2 +
include/linux/blkdev.h | 7 ++
7 files changed, 143 insertions(+), 104 deletions(-)
Cc: Dongli Zhang <dongli.zhang@oracle.com>
Cc: James Smart <james.smart@broadcom.com>
Cc: Bart Van Assche <bart.vanassche@wdc.com>
Cc: linux-scsi@vger.kernel.org,
Cc: Martin K . Petersen <martin.petersen@oracle.com>,
Cc: Christoph Hellwig <hch@lst.de>,
Cc: James E . J . Bottomley <jejb@linux.vnet.ibm.com>,
Cc: jianchao wang <jianchao.w.wang@oracle.com>
--
2.9.5
WARNING: multiple messages have this Message-ID (diff)
From: ming.lei@redhat.com (Ming Lei)
Subject: [PATCH V6 0/9] blk-mq: fix races related with freeing queue
Date: Wed, 17 Apr 2019 11:44:01 +0800 [thread overview]
Message-ID: <20190417034410.31957-1-ming.lei@redhat.com> (raw)
Hi,
Since 45a9c9d909b2 ("blk-mq: Fix a use-after-free"), run queue isn't
allowed during cleanup queue even though queue refcount is held.
This change has caused lots of kernel oops triggered in run queue path,
turns out it isn't easy to fix them all.
So move freeing of hw queue resources into hctx's release handler, then
the above issue is fixed. Meantime, this way is safe given freeing hw
queue resource doesn't require tags.
V3 covers more races.
V6:
- remove previous SCSI patch which will be routed via SCSI tree
- add reviewed-by tag
- fix one related NVMe scan vs reset race
V5:
- refactor blk_mq_alloc_and_init_hctx()
- fix race related updating nr_hw_queues by always freeing hctx
after request queue is released
V4:
- add patch for fixing potential use-after-free in blk_mq_update_nr_hw_queues
- fix comment in the last patch
V3:
- cancel q->requeue_work in queue's release handler
- cancel hctx->run_work in hctx's release handler
- add patch 1 for fixing race in plug code path
- the last patch is added for avoiding to grab SCSI's refcont
in IO path
V2:
- moving freeing hw queue resources into hctx's release handler
Ming Lei (9):
blk-mq: grab .q_usage_counter when queuing request from plug code path
blk-mq: move cancel of requeue_work into blk_mq_release
blk-mq: free hw queue's resource in hctx's release handler
blk-mq: move all hctx alloction & initialization into
__blk_mq_alloc_and_init_hctx
blk-mq: split blk_mq_alloc_and_init_hctx into two parts
blk-mq: always free hctx after request queue is freed
blk-mq: move cancel of hctx->run_work into blk_mq_hw_sysfs_release
block: don't drain in-progress dispatch in blk_cleanup_queue()
nvme: hold request queue's refcount in ns's whole lifetime
block/blk-core.c | 23 +-----
block/blk-mq-sysfs.c | 8 ++
block/blk-mq.c | 195 ++++++++++++++++++++++++++++-------------------
block/blk-mq.h | 2 +-
drivers/nvme/host/core.c | 10 ++-
include/linux/blk-mq.h | 2 +
include/linux/blkdev.h | 7 ++
7 files changed, 143 insertions(+), 104 deletions(-)
Cc: Dongli Zhang <dongli.zhang at oracle.com>
Cc: James Smart <james.smart at broadcom.com>
Cc: Bart Van Assche <bart.vanassche at wdc.com>
Cc: linux-scsi at vger.kernel.org,
Cc: Martin K . Petersen <martin.petersen at oracle.com>,
Cc: Christoph Hellwig <hch at lst.de>,
Cc: James E . J . Bottomley <jejb at linux.vnet.ibm.com>,
Cc: jianchao wang <jianchao.w.wang at oracle.com>
--
2.9.5
next reply other threads:[~2019-04-17 3:44 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-17 3:44 Ming Lei [this message]
2019-04-17 3:44 ` [PATCH V6 0/9] blk-mq: fix races related with freeing queue Ming Lei
2019-04-17 3:44 ` [PATCH V6 1/9] blk-mq: grab .q_usage_counter when queuing request from plug code path Ming Lei
2019-04-17 3:44 ` Ming Lei
2019-04-17 3:44 ` [PATCH V6 2/9] blk-mq: move cancel of requeue_work into blk_mq_release Ming Lei
2019-04-17 3:44 ` Ming Lei
2019-04-17 12:00 ` Hannes Reinecke
2019-04-17 12:00 ` Hannes Reinecke
2019-04-17 3:44 ` [PATCH V6 3/9] blk-mq: free hw queue's resource in hctx's release handler Ming Lei
2019-04-17 3:44 ` Ming Lei
2019-04-17 12:02 ` Hannes Reinecke
2019-04-17 12:02 ` Hannes Reinecke
2019-04-17 3:44 ` [PATCH V6 4/9] blk-mq: move all hctx alloction & initialization into __blk_mq_alloc_and_init_hctx Ming Lei
2019-04-17 3:44 ` Ming Lei
2019-04-17 12:03 ` Hannes Reinecke
2019-04-17 12:03 ` Hannes Reinecke
2019-04-17 3:44 ` [PATCH V6 5/9] blk-mq: split blk_mq_alloc_and_init_hctx into two parts Ming Lei
2019-04-17 3:44 ` Ming Lei
2019-04-17 3:44 ` [PATCH V6 6/9] blk-mq: always free hctx after request queue is freed Ming Lei
2019-04-17 3:44 ` Ming Lei
2019-04-17 12:08 ` Hannes Reinecke
2019-04-17 12:08 ` Hannes Reinecke
2019-04-17 12:59 ` Ming Lei
2019-04-17 12:59 ` Ming Lei
2019-04-22 3:30 ` Ming Lei
2019-04-22 3:30 ` Ming Lei
2019-04-23 11:19 ` Hannes Reinecke
2019-04-23 11:19 ` Hannes Reinecke
2019-04-23 13:30 ` Ming Lei
2019-04-23 13:30 ` Ming Lei
2019-04-23 14:07 ` Hannes Reinecke
2019-04-23 14:07 ` Hannes Reinecke
2019-04-24 1:12 ` Ming Lei
2019-04-24 1:12 ` Ming Lei
2019-04-24 1:45 ` Ming Lei
2019-04-24 1:45 ` Ming Lei
2019-04-24 5:55 ` Hannes Reinecke
2019-04-24 5:55 ` Hannes Reinecke
2019-04-17 3:44 ` [PATCH V6 7/9] blk-mq: move cancel of hctx->run_work into blk_mq_hw_sysfs_release Ming Lei
2019-04-17 3:44 ` Ming Lei
2019-04-17 3:44 ` [PATCH V6 8/9] block: don't drain in-progress dispatch in blk_cleanup_queue() Ming Lei
2019-04-17 3:44 ` Ming Lei
2019-04-17 3:44 ` [PATCH V6 9/9] nvme: hold request queue's refcount in ns's whole lifetime Ming Lei
2019-04-17 3:44 ` Ming Lei
2019-04-17 12:10 ` Hannes Reinecke
2019-04-17 12:10 ` Hannes Reinecke
2019-04-17 15:55 ` Keith Busch
2019-04-17 15:55 ` Keith Busch
2019-04-17 17:22 ` [PATCH V6 0/9] blk-mq: fix races related with freeing queue James Smart
2019-04-17 17:22 ` James Smart
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190417034410.31957-1-ming.lei@redhat.com \
--to=ming.lei@redhat.com \
--cc=axboe@kernel.dk \
--cc=bart.vanassche@wdc.com \
--cc=dongli.zhang@oracle.com \
--cc=hare@suse.com \
--cc=hch@lst.de \
--cc=james.smart@broadcom.com \
--cc=jejb@linux.vnet.ibm.com \
--cc=jianchao.w.wang@oracle.com \
--cc=keith.busch@intel.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.