On Sat, Sep 07, 2024 at 07:50:32AM -0600, Jens Axboe wrote: > On 9/7/24 3:04 AM, Damien Le Moal wrote: > > On 9/7/24 16:58, Ming Lei wrote: > >> On Sat, Sep 07, 2024 at 08:35:22AM +0100, Richard W.M. Jones wrote: > >>> On Sat, Sep 07, 2024 at 09:43:31AM +0800, Ming Lei wrote: > >>>> When switching io scheduler via sysfs, 'request_module' may be called > >>>> if the specified scheduler doesn't exist. > >>>> > >>>> This was has deadlock risk because the module may be stored on FS behind > >>>> our disk since request queue is frozen before switching its elevator. > >>>> > >>>> Fix it by returning -EDEADLK in case that the disk is claimed, which > >>>> can be thought as one signal that the disk is mounted. > >>>> > >>>> Some distributions(Fedora) simulates the original kernel command line of > >>>> 'elevator=foo' via 'echo foo > /sys/block/$DISK/queue/scheduler', and boot > >>>> hang is triggered. > >>>> > >>>> Cc: Richard Jones <rjones@xxxxxxxxxx> > >>>> Cc: Jeff Moyer <jmoyer@xxxxxxxxxx> > >>>> Cc: Jiri Jaburek <jjaburek@xxxxxxxxxx> > >>>> Signed-off-by: Ming Lei <ming.lei@xxxxxxxxxx> > >>> > >>> I'd suggest also: > >>> > >>> Bug: https://bugzilla.kernel.org/show_bug.cgi?id=219166 > >>> Reported-by: Richard W.M. Jones <rjones@xxxxxxxxxx> > >>> Reported-by: Jiri Jaburek <jjaburek@xxxxxxxxxx> > >>> Tested-by: Richard W.M. Jones <rjones@xxxxxxxxxx> > >>> > >>> So I have tested this patch and it does fix the issue, at the possible > >>> cost that now setting the scheduler can fail: > >>> > >>> + for f in /sys/block/{h,s,ub,v}d*/queue/scheduler > >>> + echo noop > >>> /init: line 109: echo: write error: Resource deadlock avoided > >>> > >>> (I know I'm setting it to an impossible value here, but this could > >>> also happen when setting it to a valid one.) > >> > >> Actually in most of dist, io-schedulers are built-in, so request_module > >> is just a nop, but meta IO must be started. > >> > >>> > >>> Since almost no one checks the result of 'echo foo > /sys/...' that > >>> would probably mean that sometimes a desired setting is silently not > >>> set. > >> > >> As I mentioned, io-schedulers are built-in for most of dist, so > >> request_module isn't called in case of one valid io-sched. > >> > >>> > >>> Also I bisected this bug yesterday and found it was caused by (or, > >>> more likely, exposed by): > >>> > >>> commit af2814149883e2c1851866ea2afcd8eadc040f79 > >>> Author: Christoph Hellwig <hch@xxxxxx> > >>> Date: Mon Jun 17 08:04:38 2024 +0200 > >>> > >>> block: freeze the queue in queue_attr_store > >>> > >>> queue_attr_store updates attributes used to control generating I/O, and > >>> can cause malformed bios if changed with I/O in flight. Freeze the queue > >>> in common code instead of adding it to almost every attribute. > >>> > >>> Reverting this commit on top of git head also fixes the problem. > >>> > >>> Why did this commit expose the problem? > >> > >> That is really the 1st bad commit which moves queue freezing before > >> calling request_module(), originally we won't freeze queue until > >> we have to do it. > >> > >> Another candidate fix is to revert it, or at least not do it > >> for storing elevator attribute. > > > > I do not think that reverting is acceptable. Rather, a proper fix would simply > > be to do the request_module() before freezing the queue. > > Something like below should work (totally untested and that may be overkill). > > I like this approach, but let's please call it something descriptive > like "load_module" or something like that. But 'load_module' is too specific as interface, and we just only have one case which need to load module exactly. I guess there may be same risk in queue_wb_lat_store() which calls into GFP_KERNEL allocation which implies direct reclaim & IO. Thanks, Ming
