diff mbox series

null_blk: fix warning in blk_mq_start_request

Message ID tencent_03A5938DE6921DDDE9DD921956CFAD0DE007@qq.com (mailing list archive)
State New, archived
Headers show
Series null_blk: fix warning in blk_mq_start_request | expand

Commit Message

Edward Adam Davis Nov. 8, 2023, 2:46 a.m. UTC 
Before call blk_mq_start_request() in null_queue_rq(), initialize rq->state to
MQ_RQ_IDLE.

Reported-and-tested-by: syzbot+fcc47ba2476570cbbeb0@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
---
 drivers/block/null_blk/main.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Bart Van Assche Nov. 8, 2023, 5:26 a.m. UTC | #1 
On 11/7/23 18:46, Edward Adam Davis wrote:
> Before call blk_mq_start_request() in null_queue_rq(), initialize rq->state to
> MQ_RQ_IDLE.
> 
> Reported-and-tested-by: syzbot+fcc47ba2476570cbbeb0@syzkaller.appspotmail.com
> Signed-off-by: Edward Adam Davis <eadavis@qq.com>
> ---
>   drivers/block/null_blk/main.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/block/null_blk/main.c b/drivers/block/null_blk/main.c
> index 22a3cf7f32e2..0726534a5a24 100644
> --- a/drivers/block/null_blk/main.c
> +++ b/drivers/block/null_blk/main.c
> @@ -1724,6 +1724,8 @@ static blk_status_t null_queue_rq(struct blk_mq_hw_ctx *hctx,
>   	cmd->fake_timeout = should_timeout_request(rq) ||
>   		blk_should_fake_timeout(rq->q);
>   
> +	if (READ_ONCE(rq->state))
> +		WRITE_ONCE(rq->state, MQ_RQ_IDLE);
>   	blk_mq_start_request(rq);
>   
>   	if (should_requeue_request(rq)) {

All code that changes rq->state should occur in the block layer
core. Block drivers must not modify rq->state directly.

Bart.
Chaitanya Kulkarni Nov. 8, 2023, 6:40 a.m. UTC | #2 
On 11/7/2023 6:46 PM, Edward Adam Davis wrote:
> Before call blk_mq_start_request() in null_queue_rq(), initialize rq->state to
> MQ_RQ_IDLE.
> 
> Reported-and-tested-by: syzbot+fcc47ba2476570cbbeb0@syzkaller.appspotmail.com
> Signed-off-by: Edward Adam Davis <eadavis@qq.com>
> ---

do you have the actual report from syzkaller ?

-ck
Edward Adam Davis Nov. 8, 2023, 7:07 a.m. UTC | #3 
On Wed, 8 Nov 2023 06:40:38 +0000 Chaitanya Kulkarni wrote:
>> Before call blk_mq_start_request() in null_queue_rq(), initialize rq->state to
>> MQ_RQ_IDLE.
>>
>> Reported-and-tested-by: syzbot+fcc47ba2476570cbbeb0@syzkaller.appspotmail.com
>> Signed-off-by: Edward Adam Davis <eadavis@qq.com>
>> ---
>
>do you have the actual report from syzkaller ?
you mean these?
https://lore.kernel.org/all/0000000000006510b406099a92ea@google.com/
https://lore.kernel.org/all/000000000000f0db9606099e70a1@google.com/

edward
diff mbox series

Patch

diff --git a/drivers/block/null_blk/main.c b/drivers/block/null_blk/main.c
index 22a3cf7f32e2..0726534a5a24 100644
--- a/drivers/block/null_blk/main.c
+++ b/drivers/block/null_blk/main.c
@@ -1724,6 +1724,8 @@  static blk_status_t null_queue_rq(struct blk_mq_hw_ctx *hctx,
 	cmd->fake_timeout = should_timeout_request(rq) ||
 		blk_should_fake_timeout(rq->q);
 
+	if (READ_ONCE(rq->state))
+		WRITE_ONCE(rq->state, MQ_RQ_IDLE);
 	blk_mq_start_request(rq);
 
 	if (should_requeue_request(rq)) {