On Wed, 2019-04-03 at 18:26 +0800, Ming Lei wrote:
> with holding queue's kobject refcount, it is safe for driver
> to schedule requeue. However, blk_mq_kick_requeue_list() may
> be called after blk_sync_queue() is done because of concurrent
> requeue activities, then requeue work may not be completed when
> freeing queue, and kernel oops is triggered.
>
> So moving the cancel of requeue_work into blk_mq_release() for
> avoiding race between requeue and freeing queue.
>
> Cc: Dongli Zhang <dongli.zhang@oracle.com>
> Cc: James Smart <james.smart@broadcom.com>
> Cc: Bart Van Assche <bart.vanassche@wdc.com>
> Cc: linux-scsi@vger.kernel.org,
> Cc: Martin K . Petersen <martin.petersen@oracle.com>,
> Cc: Christoph Hellwig <hch@lst.de>,
> Cc: James E . J . Bottomley <jejb@linux.vnet.ibm.com>,
> Cc: jianchao wang <jianchao.w.wang@oracle.com>
> Signed-off-by: Ming Lei <ming.lei@redhat.com>
> ---
>
>  block/blk-core.c | 1 -
>  block/blk-mq.c | 2 ++
>  2 files changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/block/blk-core.c b/block/blk-core.c
> index 4673ebe42255..6583d67f3e34 100644
> --- a/block/blk-core.c
> +++ b/block/blk-core.c
> @@ -237,7 +237,6 @@ void blk_sync_queue(struct request_queue *q)
>  		struct blk_mq_hw_ctx *hctx;
>  		int i;
>
> -		cancel_delayed_work_sync(&q->requeue_work);
>  		queue_for_each_hw_ctx(q, hctx, i)
>  			cancel_delayed_work_sync(&hctx->run_work);
>  	}
> diff --git a/block/blk-mq.c b/block/blk-mq.c
> index 5b586affee09..b512ba0cb359 100644
> --- a/block/blk-mq.c
> +++ b/block/blk-mq.c
> @@ -2626,6 +2626,8 @@ void blk_mq_release(struct request_queue *q)
>  	struct blk_mq_hw_ctx *hctx;
>  	unsigned int i;
>
> +	cancel_delayed_work_sync(&q->requeue_work);
> +
>  	/* hctx kobj stays in hctx */
>  	queue_for_each_hw_ctx(q, hctx, i) {
>  		if (!hctx)

Reviewed-by: Bart Van Assche <bvanassche@acm.org>
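
Review bot: in the blk_sync_queue() hunk, dropping cancel_delayed_work_sync(&q->requeue_work) changes what callers can assume once the function returns, since requeue work may now stay pending or running until blk_mq_release(). The commit message discusses only the freeing path, so please confirm that no caller of blk_sync_queue() depends on the requeue work being cancelled at that point, and adjust the function's documentation if it lists what gets cancelled.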
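
Review bot: the cancel_delayed_work_sync(&q->requeue_work) call added at the top of blk_mq_release() carries no comment explaining why it sits in the release path rather than in blk_sync_queue(). A short comment would keep a later cleanup from moving it back, for example one noting that blk_mq_kick_requeue_list() can run after blk_sync_queue() because of concurrent requeue activity, so the work has to be cancelled here before the queue is freed.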