| Message ID | 20241008115756.355936-2-hch@lst.de (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [1/2] block: also mark disk-owned queues as dying in __blk_mark_disk_dead | expand |
On (24/10/08 13:57), Christoph Hellwig wrote: > When del_gendisk shuts down access to a gendisk, it could lead to a > deadlock with sd or, which try to submit passthrough SCSI commands from > their ->release method under open_mutex. The submission can be blocked > in blk_enter_queue while del_gendisk can't get to actually telling them > top stop and wake them up. > > As the disk is going away there is no real point in sending these > commands, but we have no really good way to distinguish between the > cases. For now mark even standalone (aka SCSI queues) as dying in > del_gendisk to avoid this deadlock, but the real fix will be to split > freeing a disk from freezing a queue for not disk associated requests. > > Reported-by: Sergey Senozhatsky <senozhatsky@chromium.org> > Signed-off-by: Christoph Hellwig <hch@lst.de> FWIW Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org> [..] > if (!test_bit(GD_OWNS_QUEUE, &disk->state)) { > + if (test_bit(QUEUE_FLAG_RESURRECT, &q->queue_flags)) > + clear_bit(QUEUE_FLAG_DYING, &q->queue_flags); Don't know if we also want to clear QUEUE_FLAG_RESURRECT here, just in case. > blk_queue_flag_clear(QUEUE_FLAG_INIT_DONE, q); > __blk_mq_unfreeze_queue(q, true); > } else {
On Wed, Oct 09, 2024 at 02:06:02PM +0900, Sergey Senozhatsky wrote: > > if (!test_bit(GD_OWNS_QUEUE, &disk->state)) { > > + if (test_bit(QUEUE_FLAG_RESURRECT, &q->queue_flags)) > > + clear_bit(QUEUE_FLAG_DYING, &q->queue_flags); > > Don't know if we also want to clear QUEUE_FLAG_RESURRECT here, just in > case. Yes, we really should do that.
diff --git a/block/genhd.c b/block/genhd.c index 1c05dd4c6980b5..ac1c496ad43343 100644 --- a/block/genhd.c +++ b/block/genhd.c @@ -589,8 +589,16 @@ static void __blk_mark_disk_dead(struct gendisk *disk) if (test_and_set_bit(GD_DEAD, &disk->state)) return; - if (test_bit(GD_OWNS_QUEUE, &disk->state)) - blk_queue_flag_set(QUEUE_FLAG_DYING, disk->queue); + /* + * Also mark the disk dead if it is not owned by the gendisk. This + * means we can't allow /dev/sg passthrough or SCSI internal commands + * while unbinding a ULP. That is more than just a bit ugly, but until + * we untangle q_usage_counter into one owned by the disk and one owned + * by the queue this is as good as it gets. The flag will be cleared + * at the end of del_gendisk if it wasn't set before. + */ + if (!test_and_set_bit(QUEUE_FLAG_DYING, &disk->queue->queue_flags)) + set_bit(QUEUE_FLAG_RESURRECT, &disk->queue->queue_flags); /* * Stop buffered writers from dirtying pages that can't be written out. @@ -719,6 +727,8 @@ void del_gendisk(struct gendisk *disk) * again. Else leave the queue frozen to fail all I/O. */ if (!test_bit(GD_OWNS_QUEUE, &disk->state)) { + if (test_bit(QUEUE_FLAG_RESURRECT, &q->queue_flags)) + clear_bit(QUEUE_FLAG_DYING, &q->queue_flags); blk_queue_flag_clear(QUEUE_FLAG_INIT_DONE, q); __blk_mq_unfreeze_queue(q, true); } else { diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h index 50c3b959da2816..391e3eb3bb5e61 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h @@ -590,6 +590,7 @@ struct request_queue { /* Keep blk_queue_flag_name[] in sync with the definitions below */ enum { QUEUE_FLAG_DYING, /* queue being torn down */ + QUEUE_FLAG_RESURRECT, /* temporarily dying */ QUEUE_FLAG_NOMERGES, /* disable merge attempts */ QUEUE_FLAG_SAME_COMP, /* complete on same CPU-group */ QUEUE_FLAG_FAIL_IO, /* fake timeout */
When del_gendisk shuts down access to a gendisk, it could lead to a deadlock with sd or, which try to submit passthrough SCSI commands from their ->release method under open_mutex. The submission can be blocked in blk_enter_queue while del_gendisk can't get to actually telling them top stop and wake them up. As the disk is going away there is no real point in sending these commands, but we have no really good way to distinguish between the cases. For now mark even standalone (aka SCSI queues) as dying in del_gendisk to avoid this deadlock, but the real fix will be to split freeing a disk from freezing a queue for not disk associated requests. Reported-by: Sergey Senozhatsky <senozhatsky@chromium.org> Signed-off-by: Christoph Hellwig <hch@lst.de> --- block/genhd.c | 14 ++++++++++++-- include/linux/blkdev.h | 1 + 2 files changed, 13 insertions(+), 2 deletions(-)