Hi,
Since 45a9c9d909b2 ("blk-mq: Fix a use-after-free"), run queue isn't
allowed during cleanup queue even though queue refcount is held.
This change has caused lots of kernel oops triggered in run queue path,
turns out it isn't easy to fix them all.
So move freeing of hw queue resources into hctx's release handler, then
the above issue is fixed. Meantime, this way is safe given freeing hw
queue resource doesn't require tags.
V3 covers more races.
V4:
- add patch for fixing potential use-after-free in blk_mq_update_nr_hw_queues
- fix comment in the last patch
V3:
- cancel q->requeue_work in queue's release handler
- cancel hctx->run_work in hctx's release handler
- add patch 1 for fixing race in plug code path
- the last patch is added for avoiding to grab SCSI's refcont
in IO path
V2:
- moving freeing hw queue resources into hctx's release handler
Ming Lei (7):
blk-mq: grab .q_usage_counter when queuing request from plug code path
blk-mq: move cancel of requeue_work into blk_mq_release
blk-mq: quiesce queue before updating nr_hw_queues
blk-mq: free hw queue's resource in hctx's release handler
blk-mq: move cancel of hctx->run_work into blk_mq_hw_sysfs_release
block: don't drain in-progress dispatch in blk_cleanup_queue()
SCSI: don't hold device refcount in IO path
block/blk-core.c | 23 +----------------------
block/blk-mq-sysfs.c | 8 ++++++++
block/blk-mq.c | 25 +++++++++++++++++--------
block/blk-mq.h | 2 +-
drivers/scsi/scsi_lib.c | 28 ++--------------------------
5 files changed, 29 insertions(+), 57 deletions(-)
Cc: Dongli Zhang <dongli.zhang@xxxxxxxxxx>
Cc: James Smart <james.smart@xxxxxxxxxxxx>
Cc: Bart Van Assche <bart.vanassche@xxxxxxx>
Cc: linux-scsi@xxxxxxxxxxxxxxx,
Cc: Martin K . Petersen <martin.petersen@xxxxxxxxxx>,
Cc: Christoph Hellwig <hch@xxxxxx>,
Cc: James E . J . Bottomley <jejb@xxxxxxxxxxxxxxxxxx>,
Cc: jianchao wang <jianchao.w.wang@xxxxxxxxxx>
--
2.9.5
