Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp806520imm; Fri, 13 Jul 2018 06:42:37 -0700 (PDT) X-Google-Smtp-Source: AAOMgpdXujE7DyQYF4+u1hoigHF5uCfSdqP3BYheRKNLdiAGPFXX5S4+ViJ3ym1/PFFUpOlq2bku X-Received: by 2002:a63:6383:: with SMTP id x125-v6mr6157513pgb.127.1531489357650; Fri, 13 Jul 2018 06:42:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531489357; cv=none; d=google.com; s=arc-20160816; b=gIPYOhOx+7L9hgPXtp2RMC9YYKYx84C/tftZjiaUbxkfvCGY0ZYsmcZUSnjZBy1Ujg J3sk5MorrsfVaBmSC3k4CyhGodcqoxKrWUrKESxWzQCkh7ATRC9Xa6pwr7s3Zjv0WJaP kYokYGJNHBDGd0ArQMhY/mN74I0oEJKyb/yoUZP5+nE18p94AU//XAsIjvk66Pxlyaeu /ZrYW3uzAAIyn6xrGvx2s6lKxByT4TQCrrs3dyHMcVfmzMQnvb5fDcUx0qPa0kuWpgzk ZNKmUSmVv8P9cBDBBj1xjGYfDP4eMqSKjR0Hrfm8UnhbFYKsK3gv6lCPu5KRKdi5YPYy 4OYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=aBlaugupoF65hODnuUqXu/mB+ibRSiFdYjsxKlCzGyA=; b=patZ6CoGIZgxP9Y1lxb6heEl4iVJHWbHIukltfj5qJiGtiB19EQuWrtU9O1YWvOl7p Emso7mh5NgmyyS3fo4hoUzAAFboA8Ds0PPshRbjMQmdoMDMNSwIRx0qrATndx+PAJNOM 9IyswOF8WpibWHDdmDMKmCSorotW27wf1QhuPrcG4sdgKPgBz4jieX1wsgedxNJoyPuX bo59pB9WGrEfxxut7GWQ+AQm1QvPfUDZq0fwVyNCLRDVFejW0Ly2iBcoyFIO5JVY597S T3R5akA2xDtN++U9vmwBg966DWsQQ8H7LUZ7oVgoa5rrroe2ZKhy3FKATbpD0oY85pSk KkDw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Yg6Gb1nG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r128-v6si4345098pgr.634.2018.07.13.06.42.22; Fri, 13 Jul 2018 06:42:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Yg6Gb1nG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731264AbeGMN41 (ORCPT + 99 others); Fri, 13 Jul 2018 09:56:27 -0400 Received: from mail-wr1-f65.google.com ([209.85.221.65]:35316 "EHLO mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729726AbeGMN40 (ORCPT ); Fri, 13 Jul 2018 09:56:26 -0400 Received: by mail-wr1-f65.google.com with SMTP id a3-v6so15953346wrt.2; Fri, 13 Jul 2018 06:41:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=aBlaugupoF65hODnuUqXu/mB+ibRSiFdYjsxKlCzGyA=; b=Yg6Gb1nG0aEHPeVHKnAED6b24tg0+AuDRBVnQ40rzldwyVxc+QLk34/lnV3KFRGGbQ 9rcuSfGyYBBNWR9kTgJnl93mD3RMlu5cVZ1r3PGNocM6s6/BkM4ooa1sT0K2Q7anEe5a +gmwizvvrQYGN/N6HavP4/0WIlj+2wRzDvdHO3oQIuQoepopSEwMuCy+HcripVRBfrlm uB0r46s2vYT5hQ4x9bqp6s1SfytAjxfqPBrrk9N2NDmCgsZkuWH8jmXhcaN6RKvJ0wnw 9kAnZ3E0MHohhWQnLfaNap7WsYo6DmnNT3i15vPsjhKsRPL4O4eCE++oXIYWec61xsET m80A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=aBlaugupoF65hODnuUqXu/mB+ibRSiFdYjsxKlCzGyA=; b=IPMqN3JkYouE79sdUDXMf/MXmRZhUbzfIg4TPYHAPxPILHUb++/VV+RGbncR6Km2L2 dXOO7mjoLaHnbKwRC9QD5Q0uG8oRbaL3NGRc3tP5N0lYa9O9JIYeIT81UtqImM0OBfO6 q757ZhHdJOO48VACK4XTinh7IZSGvR5l6oK67c1TAxQxO2gyLo/KrrkH/JSOV51JG0hD 9aipcXcTExYBmcIN349HEY6teJDYshO3qYPbmLThP/6mfRZ54oS/lZ9HQrPBJw6ZDZ8L YRQ3QhPqTiJKoviIBlTRbZP26u796wf3U1V9vKTNUPpPRRrykTQuindSk7v7+bT8uSiQ g5Eg== X-Gm-Message-State: AOUpUlFkeQTeP39BSo0KdQbUqj7ReZwOS7xWiwe30Vn/tlyG/2TGfhjU NWHKJ9GX8ATeBMo7PeSTnZ8jpb1wmzTooTE4LJc= X-Received: by 2002:adf:83c6:: with SMTP id 64-v6mr4426527wre.5.1531489302688; Fri, 13 Jul 2018 06:41:42 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a1c:9c8:0:0:0:0:0 with HTTP; Fri, 13 Jul 2018 06:41:41 -0700 (PDT) In-Reply-To: References: From: Ming Lei Date: Fri, 13 Jul 2018 21:41:41 +0800 Message-ID: Subject: Re: [PATCH] block: fix NPE when resuming SCSI devices using blk-mq To: Patrick Steinhardt Cc: Jens Axboe , linux-block , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jul 13, 2018 at 9:29 PM, Patrick Steinhardt wrote: > When power management for SCSI is enabled and if a device uses blk-mq, > it is possible to trigger a `NULL` pointer exception when resuming that > device. The NPE is triggered when trying to dereference the `request_fn` > function pointer of the device's `request_queue`: > > __blk_run_queue_uncond:470 > __blk_run_queue:490 > blk_post_runtime_resume:3889 > sdev_runtime_resume:263 > scsi_runtime_resume:275 > > When the SCSI device is being allocated by `scsi_alloc_sdev`, the > device's request queue will either be initialized via > `scsi_mq_alloc_queue` or `scsi_old_alloc_queue`. But the `request_fn` > member of the request queue is in fact only being set in > `scsi_old_alloc_queue`, which will then later cause the mentioned NPE. > > Fix the issue by checking whether the `request_fn` is set in > `__blk_run_queue_uncond`. In case it is unset, we'll silently return and > not try to invoke the callback, thus fixing the NPE. > > Signed-off-by: Patrick Steinhardt > --- > > Since at least v4.14, I am easily able to trigger above NPE by > unplugging USB mass storage devices on my computer (Skylake, ASUS > Z170I) with CONFIG_SCSI_MQ_DEFAULT=y. The attached patch fixes > the issue, but keep in mind that this is my first patch, so the > proposed fix may not be appropriate at all. Feedback would be > highly appreciated. > > block/blk-core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/block/blk-core.c b/block/blk-core.c > index f84a9b7b6f5a..0a2041660cd9 100644 > --- a/block/blk-core.c > +++ b/block/blk-core.c > @@ -456,7 +456,7 @@ inline void __blk_run_queue_uncond(struct request_queue *q) > lockdep_assert_held(q->queue_lock); > WARN_ON_ONCE(q->mq_ops); > > - if (unlikely(blk_queue_dead(q))) > + if (unlikely(!q->request_fn) || unlikely(blk_queue_dead(q))) > return; > Now runtime PM is disabled for blk-mq/scsi_mq, not sure how this issue is triggered on your machine. Could you share the steps for reproducing this issue? Thanks, Ming Lei