References: <20190316020905.14962-1-yanaijie@huawei.com> <1553193542.65329.119.camel@acm.org>
In-Reply-To: <1553193542.65329.119.camel@acm.org>
From: Ming Lei
Date: Fri, 22 Mar 2019 09:36:23 +0800
Subject: Re: [RFC PATCH v2] scsi: fix oops in scsi_uninit_cmd()
To: Bart Van Assche
Cc: Jason Yan, "Martin K. Petersen", James Bottomley, Linux SCSI List, Linux Kernel Mailing List, Hannes Reinecke, Christoph Hellwig
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Mar 22, 2019 at 2:39 AM Bart Van Assche wrote:
>
> On Sat, 2019-03-16 at 10:09 +0800, Jason Yan wrote:
> > If we remove the scsi disk when running io with fio, oops occurred with
> > the following condition.
> >
> > [scsi_eh_0]                             [fio]
> > scsi_end_request
> >   ->blk_update_request
> >     ->end_bio(io returned to userspace)
> >                                         close
> >                                           ->sd_release
> >                                             ->scsi_disk_put
> >                                               ->scsi_disk_release
> >                                                 ->disk->private_data = NULL;
> >
> >   ->scsi_mq_uninit_cmd
> >     ->scsi_uninit_cmd
> >       ->scsi_cmd_to_driver
> >         ->drv is NULL, Oops
> >
> > There is a small window between blk_update_request() and
> > scsi_mq_uninit_cmd() that scsi disk may have been released. This will
> > cause an oops like below:
> >
> > Unable to handle kernel NULL pointer dereference at virtual address
> > 0000000000000000
> > s/sync.c:67, func=xfer, error=In[11347.116050] Mem abort info:
> > put/output error
> > [11347.121598] ESR = 0x96000006
> > [11347.126200] Exception class = DABT (current EL), IL = 32 bits
> > [11347.132117] SET = 0, FnV = 0
> > [11347.135170] EA = 0, S1PTW = 0
> > [11347.138308] Data abort info:
> > [11347.141186] ISV = 0, ISS = 0x00000006
> > [11347.145019] CM = 0, WnR = 0
> > [11347.147977] user pgtable: 4k pages, 48-bit VAs, pgdp =
> > 00000000a67aece2
> > [11347.154591] [0000000000000000] pgd=0000002f90774003,
> > pud=0000002fab098003, pmd=0000000000000000
> > [11347.163304] Internal error: Oops: 96000006 [#1] PREEMPT SMP
> > [11347.168870] Modules linked in: hisi_sas_v3_hw hisi_sas_main libsas
> > [11347.175044] CPU: 56 PID: 4294 Comm: scsi_eh_2 Not tainted
> > 4.19.0-g8052059-dirty #2
> > [11347.182600] Hardware name: Huawei D06/D06, BIOS Hisilicon D06 UEFI
> > RC0 - B601 (V6.01) 11/08/2018
> > [11347.191370] pstate: a0c00009 (NzCv daif
>
> Please verify whether the following patch is a valid alternative for your patch:
>
> diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c > index ed34bfbc3844..745ffdda1bc1 100644 > --- a/drivers/scsi/sd.c > +++ b/drivers/scsi/sd.c > @@ -1408,6 +1408,7 @@ static void sd_release(struct gendisk *disk, fmode_= t mode) > { > struct scsi_disk *sdkp =3D scsi_disk(disk); > struct scsi_device *sdev =3D sdkp->device; > + struct request_queue *q =3D sdkp->disk->queue; > > SCSI_LOG_HLQUEUE(3, sd_printk(KERN_INFO, sdkp, "sd_release\n")); 
> > @@ -1417,9 +1418,12 @@ static void sd_release(struct gendisk *disk, fmode= _t mode) > } > > /* > - * XXX and what if there are packets in flight and this close() > - * XXX is followed by a "rmmod sd_mod"? > + * Wait until any requests that are in progress have completed. > + * This is necessary to avoid that e.g. scsi_end_request() crashe= s > + * due to scsi_disk_relase() clearing the disk->private_data poin= ter. > */ > + blk_mq_freeze_queue(q); > + blk_mq_unfreeze_queue(q);

It is over-kill to drain any requests here, what we want is to just
drain any in-flight IO requests.

Thanks,
Ming Lei
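
Review bot: in the first sd_release() hunk (@@ -1408,6 +1408,7 @@), the new initializer reaches the queue through sdkp->disk->queue even though the function already receives disk as its parameter and derives sdkp from it with scsi_disk(disk). Unless sdkp->disk can differ from disk at this point, which nothing in the hunk suggests, initializing q from disk->queue is shorter and avoids depending on the sdkp back-pointer in the very function that leads to it being torn down.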
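
Review bot: the replacement comment in the second sd_release() hunk (@@ -1417,9 +1418,12 @@) misspells the function as scsi_disk_relase(); it should read scsi_disk_release(). The comment should also state that blk_mq_freeze_queue(q) followed immediately by blk_mq_unfreeze_queue(q) is deliberate and serves only as a wait-for-completion barrier, because a freeze with nothing between it and the unfreeze otherwise reads like leftover code. "to avoid that e.g. scsi_end_request() crashes" would be clearer as "so that scsi_end_request() does not crash".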