[v6,0/5] blk-mq: Fix a race between iterating over requests and freeing requests

Message ID 20210406214905.21622-1-bvanassche@acm.org (mailing list archive)

Message

Bart Van Assche April 6, 2021, 9:49 p.m. UTC
Hi Jens,

This patch series fixes the race between iterating over requests and
freeing requests that has been reported by multiple different users over
the past two years. Please consider this patch series for kernel v5.13.

Thanks,

Bart.

Changes between v5 and v6:
- Fixed an additional race between iterating over tags and freeing scheduler
  requests that was spotted by Khazhy.
- Added two patches to fix the race conditions between updating the number of
  hardware queues and iterating over a tag set.

Changes between v4 and v5:
- Addressed Khazhy's review comments. Note: the changes that have been made
  in v5 only change behavior in case CONFIG_PROVE_RCU=y.

Changes between v3 and v4:
- Fixed support for tag sets shared across hardware queues.
- Renamed blk_mq_wait_for_tag_readers() into blk_mq_wait_for_tag_iter().
- Removed the fourth argument of blk_mq_queue_tag_busy_iter() again.

Changes between v2 and v3:
- Converted the single v2 patch into a series of three patches.
- Switched from SRCU to a combination of RCU and semaphores.

Changes between v1 and v2:
- Reformatted patch description.
- Added Tested-by/Reviewed-by tags.
- Changed srcu_barrier() calls into synchronize_srcu() calls.

Bart Van Assche (5):
  blk-mq: Move the elevator_exit() definition
  blk-mq: Introduce atomic variants of blk_mq_(all_tag|tagset_busy)_iter
  blk-mq: Fix races between iterating over requests and freeing requests
  blk-mq: Make it safe to use RCU to iterate over
    blk_mq_tag_set.tag_list
  blk-mq: Fix a race between blk_mq_update_nr_hw_queues() and iterating
    over tags

 block/blk-core.c          |  34 +++++++++-
 block/blk-mq-tag.c        | 128 ++++++++++++++++++++++++++++++++++----
 block/blk-mq-tag.h        |   6 +-
 block/blk-mq.c            |  31 ++++++---
 block/blk-mq.h            |   1 +
 block/blk.h               |  11 +---
 block/elevator.c          |   9 +++
 drivers/scsi/hosts.c      |  16 ++---
 drivers/scsi/ufs/ufshcd.c |   4 +-
 include/linux/blk-mq.h    |   2 +
 10 files changed, 202 insertions(+), 40 deletions(-)

Comments

Shinichiro Kawasaki April 8, 2021, 6:45 a.m. UTC | #1
On Apr 06, 2021 / 14:49, Bart Van Assche wrote:
> Hi Jens,
> 
> This patch series fixes the race between iterating over requests and
> freeing requests that has been reported by multiple different users over
> the past two years. Please consider this patch series for kernel v5.13.
> 
> Thanks,
> 
> Bart.
> 
> Changes between v5 and v6:
> - Fixed an additional race between iterating over tags and freeing scheduler
>   requests that was spotted by Khazhy.
> - Added two patches to fix the race conditions between updating the number of
>   hardware queues and iterating over a tag set.
> 
> Changes between v4 and v5:
> - Addressed Khazhy's review comments. Note: the changes that have been made
>   in v5 only change behavior in case CONFIG_PROVE_RCU=y.
> 
> Changes between v3 and v4:
> - Fixed support for tag sets shared across hardware queues.
> - Renamed blk_mq_wait_for_tag_readers() into blk_mq_wait_for_tag_iter().
> - Removed the fourth argument of blk_mq_queue_tag_busy_iter() again.
> 
> Changes between v2 and v3:
> - Converted the single v2 patch into a series of three patches.
> - Switched from SRCU to a combination of RCU and semaphores.
> 
> Changes between v1 and v2:
> - Reformatted patch description.
> - Added Tested-by/Reviewed-by tags.
> - Changed srcu_barrier() calls into synchronize_srcu() calls.

I applied this v6 series on top of the kernel v5.12-rc6 and tested again.
I needed to apply another dependent fix patch [1] also to avoid conflict.

[1] https://marc.info/?l=linux-block&m=161545067909064&w=2

I confirmed this series fixes the use-after-free issue, and observed no
regression in my test set. For the series, especially for the patches #3-5,

Tested-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>

Bart Van Assche April 20, 2021, 9:55 p.m. UTC | #2
On 4/7/21 11:45 PM, Shinichiro Kawasaki wrote:
> I applied this v6 series on top of the kernel v5.12-rc6 and tested again.
> I needed to apply another dependent fix patch [1] also to avoid conflict.
> 
> [1] https://marc.info/?l=linux-block&m=161545067909064&w=2
> 
> I confirmed this series fixes the use-after-free issue, and observed no
> regression in my test set. For the series, especially for the patches #3-5,
> 
> Tested-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>

Hi Shin'ichiro,

Thanks again for the testing. You may want to know that this series has
been prepared and tested on top of Jens' for-next branch
(https://git.kernel.dk/cgit/linux-block/log/?h=for-next).

Bart.