On 9/9/24 10:24, Ming Lei wrote: > On Sat, Sep 07, 2024 at 07:50:32AM -0600, Jens Axboe wrote: >> On 9/7/24 3:04 AM, Damien Le Moal wrote: >>> On 9/7/24 16:58, Ming Lei wrote: >>>> On Sat, Sep 07, 2024 at 08:35:22AM +0100, Richard W.M. Jones wrote: >>>>> On Sat, Sep 07, 2024 at 09:43:31AM +0800, Ming Lei wrote: >>>>>> When switching io scheduler via sysfs, 'request_module' may be called >>>>>> if the specified scheduler doesn't exist. >>>>>> >>>>>> This was has deadlock risk because the module may be stored on FS behind >>>>>> our disk since request queue is frozen before switching its elevator. >>>>>> >>>>>> Fix it by returning -EDEADLK in case that the disk is claimed, which >>>>>> can be thought as one signal that the disk is mounted. >>>>>> >>>>>> Some distributions(Fedora) simulates the original kernel command line of >>>>>> 'elevator=foo' via 'echo foo > /sys/block/$DISK/queue/scheduler', and boot >>>>>> hang is triggered. >>>>>> >>>>>> Cc: Richard Jones <rjones@xxxxxxxxxx> >>>>>> Cc: Jeff Moyer <jmoyer@xxxxxxxxxx> >>>>>> Cc: Jiri Jaburek <jjaburek@xxxxxxxxxx> >>>>>> Signed-off-by: Ming Lei <ming.lei@xxxxxxxxxx> >>>>> >>>>> I'd suggest also: >>>>> >>>>> Bug: https://bugzilla.kernel.org/show_bug.cgi?id=219166 >>>>> Reported-by: Richard W.M. Jones <rjones@xxxxxxxxxx> >>>>> Reported-by: Jiri Jaburek <jjaburek@xxxxxxxxxx> >>>>> Tested-by: Richard W.M. Jones <rjones@xxxxxxxxxx> >>>>> >>>>> So I have tested this patch and it does fix the issue, at the possible >>>>> cost that now setting the scheduler can fail: >>>>> >>>>> + for f in /sys/block/{h,s,ub,v}d*/queue/scheduler >>>>> + echo noop >>>>> /init: line 109: echo: write error: Resource deadlock avoided >>>>> >>>>> (I know I'm setting it to an impossible value here, but this could >>>>> also happen when setting it to a valid one.) >>>> >>>> Actually in most of dist, io-schedulers are built-in, so request_module >>>> is just a nop, but meta IO must be started. >>>> >>>>> >>>>> Since almost no one checks the result of 'echo foo > /sys/...' that >>>>> would probably mean that sometimes a desired setting is silently not >>>>> set. >>>> >>>> As I mentioned, io-schedulers are built-in for most of dist, so >>>> request_module isn't called in case of one valid io-sched. >>>> >>>>> >>>>> Also I bisected this bug yesterday and found it was caused by (or, >>>>> more likely, exposed by): >>>>> >>>>> commit af2814149883e2c1851866ea2afcd8eadc040f79 >>>>> Author: Christoph Hellwig <hch@xxxxxx> >>>>> Date: Mon Jun 17 08:04:38 2024 +0200 >>>>> >>>>> block: freeze the queue in queue_attr_store >>>>> >>>>> queue_attr_store updates attributes used to control generating I/O, and >>>>> can cause malformed bios if changed with I/O in flight. Freeze the queue >>>>> in common code instead of adding it to almost every attribute. >>>>> >>>>> Reverting this commit on top of git head also fixes the problem. >>>>> >>>>> Why did this commit expose the problem? >>>> >>>> That is really the 1st bad commit which moves queue freezing before >>>> calling request_module(), originally we won't freeze queue until >>>> we have to do it. >>>> >>>> Another candidate fix is to revert it, or at least not do it >>>> for storing elevator attribute. >>> >>> I do not think that reverting is acceptable. Rather, a proper fix would simply >>> be to do the request_module() before freezing the queue. >>> Something like below should work (totally untested and that may be overkill). >> >> I like this approach, but let's please call it something descriptive >> like "load_module" or something like that. > > But 'load_module' is too specific as interface, and we just only have > one case which need to load module exactly. If another attr needs to do some prep work before freezing the queue and calling attr->store(), we can rename the load_module attribute method to something like "prepare_store" to be more generic. > > I guess there may be same risk in queue_wb_lat_store() which calls into > GFP_KERNEL allocation which implies direct reclaim & IO. > > Thanks, > Ming > -- Damien Le Moal Western Digital Research
