On Thu, 2018-06-14 at 13:58 +0200, Christoph Hellwig wrote: > We can currently call the timeout handler again on a request that has > already been handed over to the timeout handler. Prevent that with a new > flag. > > Fixes: 12f5b931 ("blk-mq: Remove generation seqeunce") > Reported-by: Andrew Randrianasulu <randrianasulu@xxxxxxxxx> > Tested-by: Andrew Randrianasulu <randrianasulu@xxxxxxxxx> > Signed-off-by: Christoph Hellwig <hch@xxxxxx> > --- > block/blk-mq.c | 5 +++++ > include/linux/blkdev.h | 2 ++ > 2 files changed, 7 insertions(+) > > diff --git a/block/blk-mq.c b/block/blk-mq.c > index e9da5e6a8526..54332db09e5d 100644 > --- a/block/blk-mq.c > +++ b/block/blk-mq.c > @@ -671,6 +671,7 @@ static void __blk_mq_requeue_request(struct request *rq) > > if (blk_mq_request_started(rq)) { > WRITE_ONCE(rq->state, MQ_RQ_IDLE); > + rq->rq_flags &= ~RQF_TIMED_OUT; > if (q->dma_drain_size && blk_rq_bytes(rq)) > rq->nr_phys_segments--; > } > @@ -770,6 +771,7 @@ EXPORT_SYMBOL(blk_mq_tag_to_rq); > > static void blk_mq_rq_timed_out(struct request *req, bool reserved) > { > + req->rq_flags |= RQF_TIMED_OUT; > if (req->q->mq_ops->timeout) { > enum blk_eh_timer_return ret; > > @@ -779,6 +781,7 @@ static void blk_mq_rq_timed_out(struct request *req, bool reserved) > WARN_ON_ONCE(ret != BLK_EH_RESET_TIMER); > } > > + req->rq_flags &= ~RQF_TIMED_OUT; > blk_add_timer(req); > } I think it is wrong to clear the RQF_TIMED_OUT flag from inside blk_mq_rq_timed_out(). That flag should only be cleared after the request tag has been freed or after the request has been reused and a new timer is started for the request. I think Tejun got it right in his patch called "[PATCH 6/8] blk-mq: remove REQ_ATOM_COMPLETE usages from blk-mq". See also https://www.mail-archive.com/linux-kernel@xxxxxxxxxxxxxxx/msg1580420.html. Bart.
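Review bot: In the __blk_mq_requeue_request() hunk, `rq->rq_flags &= ~RQF_TIMED_OUT;` is a plain read-modify-write placed after `WRITE_ONCE(rq->state, MQ_RQ_IDLE);`, so the request is already published as idle while the flag is still set. Nothing in the hunk shows what serialises this update against the `|=` in blk_mq_rq_timed_out(). Consider clearing the flag before the state store, or add a comment naming the lock or context that makes the non-atomic update of rq_flags safe here.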
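Review bot: In the first blk_mq_rq_timed_out() hunk, `req->rq_flags |= RQF_TIMED_OUT;` is set unconditionally on entry with no comment saying what the flag means or which path is responsible for clearing it. The test that the commit message relies on ("Prevent that with a new flag") is not among the quoted hunks, so the set/clear pairing cannot be checked from what is shown. A short comment at the set site, or at the flag definition in include/linux/blkdev.h, describing the flag's lifetime would make the pairing reviewable.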
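Review bot: In the last blk_mq_rq_timed_out() hunk, `req->rq_flags &= ~RQF_TIMED_OUT;` runs immediately before `blk_add_timer(req);`, so the flag is dropped before the new timer is armed. Among the quoted hunks the only other clear is in the requeue path. The context line `WARN_ON_ONCE(ret != BLK_EH_RESET_TIMER);` implies there is an earlier return for other handler results, and for a request leaving through that path no clear is visible when it is later completed and reused. Please document where the flag is cleared in that case, or move the clear to the point where the request is started again and its timer is set up.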