On Tue, Nov 29, 2022 at 03:34:00PM -0500, Waiman Long <longman@xxxxxxxxxx> wrote:
> The reproducing system can no longer produce a warning with this patch.
> All the runnable block/0* tests including block/027 were run successfully
> without failure.
Thanks for the test!
> @@ -1088,7 +1088,15 @@ static void blkcg_destroy_blkgs(struct blkcg *blkcg)
>
> might_sleep();
>
> - css_get(&blkcg->css);
> + /*
> + * blkcg_destroy_blkgs() shouldn't be called with all the blkcg
> + * references gone and rcu_read_lock not held.
> + */
> + if (!css_tryget(&blkcg->css)) {
> + WARN_ON_ONCE(!rcu_read_lock_held());
> + return;
> + }
As I followed the previous discussion, the principle is that obtaining a
reference or being inside an RCU read section is sufficient.
Consequently, I'd expect the two situations handled equally but here the
no-ref but RCU bails out. (Which is OK because blkg_list must be empty?)
However, the might_sleep() in (non-sleepable) RCU reader section combo
makes me wary anyway (not with the early return but tools would likely
complain).
All in all, can't the contract of blkcg_destroy_blkgs() declare that
a caller must pass blkcg with a valid reference? (The body of
blkcg_destroy_blkgs then wouldn't need to get neither put the inner
reference).
HTH,
Michal
Attachment:
signature.asc
Description: Digital signature
