Hey Jens,
I'm getting a regression in nvme-rdma/nvme-loop with for-linus [1]
with a small script to trigger it.
The reason seems to be that the sched_tags does not take into account
the tag_set reserved tags.
This solves it for me, any objections on this?
--
diff --git a/block/blk-mq-sched.c b/block/blk-mq-sched.c
index 98c7b061781e..46ca965fff5c 100644
--- a/block/blk-mq-sched.c
+++ b/block/blk-mq-sched.c
@@ -454,7 +454,8 @@ int blk_mq_sched_setup(struct request_queue *q)
*/
ret = 0;
queue_for_each_hw_ctx(q, hctx, i) {
- hctx->sched_tags = blk_mq_alloc_rq_map(set, i,
q->nr_requests, 0);
+ hctx->sched_tags = blk_mq_alloc_rq_map(set, i,
+ q->nr_requests, set->reserved_tags);
if (!hctx->sched_tags) {
ret = -ENOMEM;
break;
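Review bot: In the new blk_mq_alloc_rq_map() call the size argument is still q->nr_requests while the reserved count is now set->reserved_tags, so it is worth confirming whether the reserved tags are carved out of q->nr_requests (leaving fewer regular scheduler tags) or should be added on top, and whether a tag set with reserved_tags >= q->nr_requests can reach this path. The patch also has no changelog or Signed-off-by yet. A proper submission should describe the regression it fixes and note that the nvme-rdma NULL dereference reported below is still open with this change applied.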
--
Now I'm getting a NULL deref with nvme-rdma [1].
For some reason blk_mq_tag_to_rq() is returning NULL on
tag 0x0 which is io queue connect.
I'll try to see where this is coming from.
This does not happen with loop though...
--
[ 30.431889] nvme nvme0: creating 2 I/O queues.
[ 30.465458] nvme nvme0: tag 0x0 on QP 0x84 not found
[ 36.060168] BUG: unable to handle kernel NULL pointer dereference at
0000000000000030
[ 36.063277] IP: bt_iter+0x31/0x50
[ 36.064088] PGD 0
[ 36.064088] Oops: 0000 [#1] SMP
[ 36.064088] Modules linked in: nvme_rdma nvme_fabrics nvme_core
mlx5_ib ppdev kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul
ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd glue_helper
cryptd i2c_piix4 joydev input_leds serio_raw parport_pc parport mac_hid
ib_iser rdma_cm iw_cm ib_cm ib_core configfs iscsi_tcp libiscsi_tcp
libiscsi sunrpc scsi_transport_iscsi autofs4 cirrus ttm drm_kms_helper
syscopyarea sysfillrect mlx5_core sysimgblt fb_sys_fops psmouse drm
floppy ptp pata_acpi pps_core
[ 36.064088] CPU: 0 PID: 186 Comm: kworker/0:1H Not tainted 4.10.0+ #115
[ 36.064088] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
[ 36.064088] Workqueue: kblockd blk_mq_timeout_work
[ 36.064088] task: ffff95f6393a0080 task.stack: ffffb826803ac000
[ 36.064088] RIP: 0010:bt_iter+0x31/0x50
[ 36.064088] RSP: 0018:ffffb826803afda0 EFLAGS: 00010202
[ 36.064088] RAX: ffffb826803afdd0 RBX: ffff95f63c036800 RCX:
0000000000000001
[ 36.064088] RDX: ffff95f635ff0798 RSI: 0000000000000000 RDI:
ffff95f63c036800
[ 36.064088] RBP: ffffb826803afe18 R08: 0000000000000000 R09:
0000000000000001
[ 36.064088] R10: 0000000000000000 R11: 0000000000000000 R12:
0000000000000000
[ 36.064088] R13: ffff95f635d7c240 R14: 0000000000000000 R15:
ffff95f63c47ff00
[ 36.064088] FS: 0000000000000000(0000) GS:ffff95f63fc00000(0000)
knlGS:0000000000000000
[ 36.064088] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 36.064088] CR2: 0000000000000030 CR3: 000000003c8db000 CR4:
00000000003406f0
[ 36.064088] Call Trace:
[ 36.064088] ? blk_mq_queue_tag_busy_iter+0x191/0x1d0
[ 36.064088] ? blk_mq_rq_timed_out+0x70/0x70
[ 36.064088] ? blk_mq_rq_timed_out+0x70/0x70
[ 36.064088] blk_mq_timeout_work+0xba/0x160
[ 36.064088] process_one_work+0x16b/0x480
[ 36.064088] worker_thread+0x4b/0x500
[ 36.064088] kthread+0x101/0x140
[ 36.064088] ? process_one_work+0x480/0x480
[ 36.064088] ? kthread_create_on_node+0x40/0x40
[ 36.064088] ret_from_fork+0x2c/0x40
[ 36.064088] Code: 89 d0 48 8b 3a 0f b6 48 18 48 8b 97 08 01 00 00 84
c9 75 03 03 72 04 48 8b 92 80 00 00 00 89 f6 48 8b 34 f2 48 8b 97 98 00
00 00 <48> 39 56 30 74 06 b8 01 00 00 00 c3 55 48 8b 50 10 48 89 e5 ff
[ 36.064088] RIP: bt_iter+0x31/0x50 RSP: ffffb826803afda0
[ 36.064088] CR2: 0000000000000030
[ 36.064088] ---[ end trace 469df54df5f3cd87 ]---
--