From: Muthukumar Ratty <muthur@xxxxxxxxx> commit e81ca6fe85b77109a32489a5db82f575d51dfc98 upstream. If the queue is dead blk_execute_rq_nowait() doesn't invoke the done() callback function. That will result in blk_execute_rq() being stuck in wait_for_completion(). Avoid this by initializing rq->end_io to the done() callback before we check the queue state. Also, make sure the queue lock is held around the invocation of the done() callback. Found this through source code review. Signed-off-by: Muthukumar Ratty <muthur@xxxxxxxxx> Signed-off-by: Bart Van Assche <bvanassche@xxxxxxx> Reviewed-by: Tejun Heo <tj@xxxxxxxxxx> Acked-by: Jens Axboe <axboe@xxxxxxxxx> Signed-off-by: James Bottomley <JBottomley@xxxxxxxxxxxxx> [bwh: Backported to 2.6.32: adjust context] Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> --- This is another fix-up for "fix crash in scsi_dispatch_cmd()" applied in 2.6.32.61. Ben. block/blk-exec.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/block/blk-exec.c b/block/blk-exec.c index ae0f2c7..2ecb362 100644 --- a/block/blk-exec.c +++ b/block/blk-exec.c @@ -43,6 +43,9 @@ static void blk_end_sync_rq(struct request *rq, int error) * Description: * Insert a fully prepared request at the back of the I/O scheduler queue * for execution. Don't wait for completion. + * + * Note: + * This function will invoke @done directly if the queue is dead. */ void blk_execute_rq_nowait(struct request_queue *q, struct gendisk *bd_disk, struct request *rq, int at_head, @@ -51,18 +54,20 @@ void blk_execute_rq_nowait(struct request_queue *q, struct gendisk *bd_disk, int where = at_head ? ELEVATOR_INSERT_FRONT : ELEVATOR_INSERT_BACK; WARN_ON(irqs_disabled()); + + rq->rq_disk = bd_disk; + rq->end_io = done; + spin_lock_irq(q->queue_lock); if (unlikely(test_bit(QUEUE_FLAG_DEAD, &q->queue_flags))) { - spin_unlock_irq(q->queue_lock); rq->errors = -ENXIO; if (rq->end_io) rq->end_io(rq, rq->errors); + spin_unlock_irq(q->queue_lock); return; } - rq->rq_disk = bd_disk; - rq->end_io = done; __elv_add_request(q, rq, where, 1); __generic_unplug_device(q); /* the queue is stopped so it won't be plugged+unplugged */ -- Ben Hutchings Experience is directly proportional to the value of equipment destroyed. - Carolyn Scheppner
Attachment:
signature.asc
Description: This is a digitally signed message part