Date: Fri, 18 Sep 2020 12:20:34 -0700
From: Keith Busch
To: Xianting Tian
Cc: axboe@fb.com, hch@lst.de, sagi@grimberg.me, linux-nvme@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] [v2] nvme: use correct upper limit for tag in nvme_handle_cqe()
Message-ID: <20200918192034.GA4030837@dhcp-10-100-145-180.wdl.wdc.com>
In-Reply-To: <20200918104420.30219-1-tian.xianting@h3c.com>

On Fri, Sep 18, 2020 at 06:44:20PM +0800, Xianting Tian wrote:
> @@ -940,7 +940,9 @@ static inline void nvme_handle_cqe(struct nvme_queue *nvmeq, u16 idx)
> struct nvme_completion *cqe = &nvmeq->cqes[idx];
> struct request *req;
>
> - if (unlikely(cqe->command_id >= nvmeq->q_depth)) {
> + if (unlikely(cqe->command_id >=
> + nvmeq->qid ? nvmeq->dev->tagset.queue_depth :
> + nvmeq->dev->admin_tagset.queue_depth)) {

Both of these values are set before blk_mq_alloc_tag_set(), so you still have a race. The interrupt handler probably just shouldn't be registered with the queue before the tagset is initialized since there can't be any work for the handler to do before that happens anyway. The controller is definitely broken, though, and will lead to unavoidable corruption if it's really behaving this way.
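
Review bot: In the added condition of the quoted nvme_handle_cqe() hunk, ">=" binds tighter than "?:", so the expression parses as (cqe->command_id >= nvmeq->qid) ? nvmeq->dev->tagset.queue_depth : nvmeq->dev->admin_tagset.queue_depth, and unlikely() is handed a queue depth instead of a comparison result. With any non-zero depth the error branch would be taken for every completion, and command_id is never actually compared against the tag limit. Parenthesise the conditional, or select the limit into a local variable first and then compare cqe->command_id against it.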