[PATCH OLK-6.6 0/2] fix queue start/stop imbalance under race
Zheng Qixing (2):
  dm: fix queue start/stop imbalance under suspend/load/resume races
  dm: fix queue start/stop imbalance under remove/resume races

 drivers/md/dm-core.h | 1 +
 drivers/md/dm.c | 11 ++++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

--
2.39.2
mainline inclusion
from mainline-v6.18-rc1
commit 7f597c2cdb9d3263a6fce07c4fc0a9eaa8e8fc43
category: bugfix
bugzilla: https://atomgit.com/openeuler/kernel/issues/7056

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...

------------------

When suspend and load run concurrently, before q->mq_ops is set in
blk_mq_init_allocated_queue(), __dm_suspend() skips dm_stop_queue(). As a
result, the queue's quiesce depth is not incremented.

Later, once table load has finished, __dm_resume() runs, which triggers
the q->quiesce_depth == 0 warning in blk_mq_unquiesce_queue():

Call Trace:
 <TASK>
 dm_start_queue+0x16/0x20 [dm_mod]
 __dm_resume+0xac/0xb0 [dm_mod]
 dm_resume+0x12d/0x150 [dm_mod]
 do_resume+0x2c2/0x420 [dm_mod]
 dev_suspend+0x30/0x130 [dm_mod]
 ctl_ioctl+0x402/0x570 [dm_mod]
 dm_ctl_ioctl+0x23/0x30 [dm_mod]

Fix this by explicitly tracking whether the request queue was stopped in
__dm_suspend() via a new DMF_QUEUE_STOPPED flag. Only call
dm_start_queue() in __dm_resume() if the queue was actually stopped.

Fixes: e70feb8b3e68 ("blk-mq: support concurrent queue quiesce/unquiesce")
Cc: stable@vger.kernel.org
Signed-off-by: Zheng Qixing <zhengqixing@huawei.com>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>

Conflicts:
  drivers/md/dm-core.h
  [Context conflicts.]
  drivers/md/dm.c
  [Due to merging commit b0cd3be925ca ("dm: fix NULL pointer dereference in __dm_suspend()").]
Signed-off-by: Zheng Qixing <zhengqixing@huawei.com>
---
 drivers/md/dm-core.h | 1 +
 drivers/md/dm.c | 8 +++++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/md/dm-core.h b/drivers/md/dm-core.h index e6757a30dcca..8a42c1590ece 100644 --- a/drivers/md/dm-core.h +++ b/drivers/md/dm-core.h 
@@ -161,6 +161,7 @@ struct mapped_device { #define DMF_SUSPENDED_INTERNALLY 7 #define DMF_POST_SUSPENDING 8 #define DMF_EMULATE_ZONE_APPEND 9 +#define DMF_QUEUE_STOPPED 10 void disable_discard(struct mapped_device *md); void disable_write_zeroes(struct mapped_device *md); diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 670460ade280..766a0f5f6c46 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -2744,8 +2744,10 @@ static int __dm_suspend(struct mapped_device *md, struct dm_table *map, * Stop md->queue before flushing md->wq in case request-based * dm defers requests to md->wq from md->queue. */ - if (map && dm_request_based(md)) + if (map && dm_request_based(md)) { dm_stop_queue(md->queue); + set_bit(DMF_QUEUE_STOPPED, &md->flags); + } flush_workqueue(md->wq); @@ -2768,7 +2770,7 @@ static int __dm_suspend(struct mapped_device *md, struct dm_table *map, if (r < 0) { dm_queue_flush(md); - if (dm_request_based(md)) + if (test_and_clear_bit(DMF_QUEUE_STOPPED, &md->flags)) dm_start_queue(md->queue); unlock_fs(md); @@ -2852,7 +2854,7 @@ static int __dm_resume(struct mapped_device *md, struct dm_table *map) * so that mapping of targets can work correctly. * Request-based dm is queueing the deferred I/Os in its request_queue. */ - if (dm_request_based(md)) + if (test_and_clear_bit(DMF_QUEUE_STOPPED, &md->flags)) dm_start_queue(md->queue); unlock_fs(md); -- 2.39.2
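Review bot: In the first __dm_suspend() hunk, DMF_QUEUE_STOPPED is a single bit, while dm_stop_queue() feeds the quiesce depth counter the commit message refers to, so the flag can only balance one stop against one start. A comment at the set_bit() should state that suspend and resume are never nested for the same md, and name the lock that serialises this set_bit() against the test_and_clear_bit() calls in the error path and in __dm_resume(), since dm_stop_queue() and set_bit() are two separate steps.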
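Review bot: In the __dm_resume() hunk, the comment above the changed condition only explains that request-based dm queues deferred I/Os in its request_queue; it does not mention that dm_start_queue() now runs only when DMF_QUEUE_STOPPED was set by __dm_suspend(). Updating that comment, and adding a one-line comment beside the new #define in dm-core.h saying which paths set and clear the flag, would document the new invariant.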
hulk inclusion
category: bugfix
bugzilla: https://atomgit.com/openeuler/kernel/issues/7056

------------------

When dm remove races with resume, DMF_SUSPENDED may be set by
__dm_destroy(), without actually quiescing the request queue. Then in
__dm_resume(), it will call dm_start_queue() for request-based devices.
This results in blk_mq_unquiesce_queue() being invoked with
q->quiesce_depth == 0, triggering:

WARNING: at block/blk-mq.c blk_mq_unquiesce_queue+0xa0/0xc0
Call Trace:
 <TASK>
 dm_start_queue+0x16/0x20 [dm_mod]
 __dm_resume+0xac/0xb0 [dm_mod]
 dm_resume+0x12d/0x150 [dm_mod]
 do_resume+0x2c2/0x420 [dm_mod]
 dev_suspend+0x30/0x130 [dm_mod]
 ctl_ioctl+0x402/0x570 [dm_mod]
 dm_ctl_ioctl+0x23/0x30 [dm_mod]

Fix it by adding a check of DMF_FREEING in dm_resume(). If the mapped
device is being destroyed, simply bail out early and skip resume. This
prevents unbalanced start/stop of the queue during the remove/resume race.

Fixes: e70feb8b3e68 ("blk-mq: support concurrent queue quiesce/unquiesce")
Signed-off-by: Zheng Qixing <zhengqixing@huawei.com>
---
 drivers/md/dm.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 766a0f5f6c46..6b16f64be9bd 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -2874,6 +2874,9 @@ int dm_resume(struct mapped_device *md) if (!dm_suspended_md(md)) goto out; + if (test_bit(DMF_FREEING, &md->flags)) + goto out; + if (dm_suspended_internally_md(md)) { /* already internally suspended, wait for internal resume */ mutex_unlock(&md->suspend_lock); -- 2.39.2
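Review bot: The new DMF_FREEING check in dm_resume() jumps to out without setting a return value, and the hunk does not show what r holds at that point, so the result a caller sees when it loses the race with removal is not evident from the change. Setting r explicitly before the goto, with a short comment on why resume is skipped for a device being destroyed, would make that clear. The commit message also describes __dm_resume() calling dm_start_queue() for request-based devices, while the first patch in this series already makes that call conditional on DMF_QUEUE_STOPPED; it is worth stating what this check still covers with that patch applied.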
FeedBack: The patch(es) which you have sent to the kernel@openeuler.org mailing list have been converted to a pull request successfully!
Pull request link: https://atomgit.com/openeuler/kernel/merge_requests/21403
Mailing list address: https://mailweb.openeuler.org/archives/list/kernel@openeuler.org/message/CAR...