On Thu, Sep 09, 2021 at 07:14:20PM +0800, Hou Tao wrote:
> Hi,
>
> On 9/9/2021 5:19 PM, Ming Lei wrote:
> > Hello Hou,
> >
> > On Thu, Sep 09, 2021 at 05:00:54PM +0800, Hou Tao wrote:
> >> According to commit 4412efecf7fd ("Revert "blk-mq: remove code for
> >> dealing with remapping queue""), for some devices queue hctx may not
> >> being mapped, and tagset->tags[hctx_idx] will be released and be NULL.
> >>
> >> If an IO scheduler is used on these devices, blk_mq_clear_rq_mapping()
> >> will be called for all hctxs in blk_mq_sched_free_requests() during
> >> scheduler switch, and these will be oops. So checking the existence of
> >> tags[hctx_idx] before going on in blk_mq_clear_rq_mapping().
> > unmapped hctx should be caused by blk_mq_update_nr_hw_queues() only,
> > but scheduler tags is updated there too, so not sure it is one real
> > issue, did you observe such kernel panic? any kernel log?
> Not a real issue, just find the potential "problem" during code review.
>
> But is the case below possible ?
> There is an unmapped hctx and a freed tags[hctx_idx] after
> blk_mq_update_nr_hw_queues(), and IO scheduler is used. When
> switching IO scheduler to none, the previous schedule tag
> on each hctx will be freed in blk_mq_sched_free_requests().
> blk_mq_sched_free_requests() will call blk_mq_free_rqs(), and
>
> blk_mq_free_rqs() will access the NULLed tags[hctx_idx].
It isn't possible. One invariant is that the first 'q->nr_hw_queues'
elements of ->queue_hw_ctx[] / ->tags[] are valid and the others are
freed after blk_mq_update_nr_hw_queues() returns.
thanks,
Ming
