On 12/17/19 9:00 AM, David Jeffery wrote:
> Under heavy loads where the kyber I/O scheduler hits the token limits for
> its scheduling domains, kyber can become stuck. When active requests
> complete, kyber may not be woken up leaving the I/O requests in kyber
> stuck.
>
> This stuck state is due to a race condition with kyber and the sbitmap
> functions it uses to run a callback when enough requests have completed.
> The running of a sbt_wait callback can race with the attempt to insert the
> sbt_wait. Since sbitmap_del_wait_queue removes the sbt_wait from the list
> first then sets the sbq field to NULL, kyber can see the item as not on a
> list but the call to sbitmap_add_wait_queue will see sbq as non-NULL. This
> results in the sbt_wait being inserted onto the wait list but ws_active
> doesn't get incremented. So the sbitmap queue does not know there is a
> waiter on a wait list.
>
> Since sbitmap doesn't think there is a waiter, kyber may never be
> informed that there are domain tokens available and the I/O never advances.
> With the sbt_wait on a wait list, kyber believes it has an active waiter
> so cannot insert a new waiter when reaching the domain's full state.
>
> This race can be fixed by only adding the sbt_wait to the queue if the
> sbq field is NULL. If sbq is not NULL, there is already an action active
> which will trigger the re-running of kyber. Let it run and add the
> sbt_wait to the wait list if still needing to wait.
>
> Signed-off-by: David Jeffery <djeffery@xxxxxxxxxx>
> Reported-by: John Pittman <jpittman@xxxxxxxxxx>
> Tested-by: John Pittman <jpittman@xxxxxxxxxx>
> ---
>
> This bug was reliably being triggered on several test systems. With the
> fix, the tests no longer fail.
>
> sbitmap.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/sbitmap.c b/lib/sbitmap.c
> index 33feec8989f1..af88d1346dd7 100644
> --- a/lib/sbitmap.c
> +++ b/lib/sbitmap.c
> @@ -650,8 +650,8 @@ void sbitmap_add_wait_queue(struct sbitmap_queue *sbq,
> if (!sbq_wait->sbq) {
> sbq_wait->sbq = sbq;
> atomic_inc(&sbq->ws_active);
> + add_wait_queue(&ws->wait, &sbq_wait->wait);
> }
> - add_wait_queue(&ws->wait, &sbq_wait->wait);
> }
> EXPORT_SYMBOL_GPL(sbitmap_add_wait_queue);
This looks good to me, waiting for Omar to take a look (CC'ed).
--
Jens Axboe
