Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp1654200pxk; Fri, 18 Sep 2020 20:20:23 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy+vk1wmJfLAYn9m2hAljeyjbC79JjIOlt3aTvnX3S9GPmfO7Wp+H+ir/7UZnsXwmLUBFrY X-Received: by 2002:a17:907:213b:: with SMTP id qo27mr38175426ejb.441.1600485623319; Fri, 18 Sep 2020 20:20:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600485623; cv=none; d=google.com; s=arc-20160816; b=dkIY9h3yEQ+VorJM3fy5Vs5XrGhtwg2vO6tmHIJDOe6Eq+3P1QCSUyfRNe227IufvC RE23KERsNqUOg9FZS9MOdlorM4QGhlQPsFaslEBqFiJdooF1qbREWTiqq9+XhnLNCmYP DnrMU8fmr56/Cw+yBWqhY6p5jB1n/NwlRA/HpQtIkbV1uu6TJ2ToaxrLlvYbqbFfGBWY /F0+UBurWa3wyX3p4y01tBq1GNvZMJXqeU8epjrohReI7zZEVU3Kzxjv4zG/i0Xg6ftP 8i6lt7MLBO8sCVY4G0VTui/cERZbi1DtYRX910zVX98SEfZFMkjwybWoLc6YDqvE6LKf ppig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :content-language:accept-language:in-reply-to:references:message-id :date:thread-index:thread-topic:subject:cc:to:from; bh=gXi6Tml99cic41oy7dzuhlApjhm04S4oXUWztj+1sL8=; b=Y68DIiHT66+h5qF91UqUuTz+lC5SFW2DwPOm1lwkSfvKBqi5UyxLs0pdmwAuio4R6h 1USTrfU63/0mVviyE2eLZcTT8bwXfo1sKxThoKS5e7p2R3+M42S/zXOGYVzxgJ0Xii0C J6aqcdJVho3xJP6+5rLuMue0We2W4EXbqBbRrwqVATGIyLSzhAlhh2E/fGXsviBZTZrM TnYhL6ZrO+977RHb4UKlx+Uvmy3Y6MKAMjBpgrXhNP0dbiXmWOei9qk7AScdrokif0B1 WP9sLzO3KKeVwnHi2fy42Lb0IOhyiF5DHpXVb+mflH7VWIpdeU6fnhA/PnIQUOz83X7p E31g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id nq4si3916322ejb.569.2020.09.18.20.20.00; Fri, 18 Sep 2020 20:20:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726361AbgISDQE convert rfc822-to-8bit (ORCPT + 99 others); Fri, 18 Sep 2020 23:16:04 -0400 Received: from smtp.h3c.com ([60.191.123.50]:1400 "EHLO h3cspam02-ex.h3c.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726343AbgISDQE (ORCPT ); Fri, 18 Sep 2020 23:16:04 -0400 Received: from DAG2EX10-IDC.srv.huawei-3com.com ([10.8.0.73]) by h3cspam02-ex.h3c.com with ESMTPS id 08J3F1XP095124 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL); Sat, 19 Sep 2020 11:15:01 +0800 (GMT-8) (envelope-from tian.xianting@h3c.com) Received: from DAG2EX03-BASE.srv.huawei-3com.com (10.8.0.66) by DAG2EX10-IDC.srv.huawei-3com.com (10.8.0.73) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Sat, 19 Sep 2020 11:15:03 +0800 Received: from DAG2EX03-BASE.srv.huawei-3com.com ([fe80::5d18:e01c:bbbd:c074]) by DAG2EX03-BASE.srv.huawei-3com.com ([fe80::5d18:e01c:bbbd:c074%7]) with mapi id 15.01.1713.004; Sat, 19 Sep 2020 11:15:03 +0800 From: Tianxianting To: Keith Busch CC: "axboe@fb.com" , "hch@lst.de" , "sagi@grimberg.me" , "linux-nvme@lists.infradead.org" , "linux-kernel@vger.kernel.org" Subject: RE: [PATCH] [v2] nvme: use correct upper limit for tag in nvme_handle_cqe() Thread-Topic: [PATCH] [v2] nvme: use correct upper limit for tag in nvme_handle_cqe() Thread-Index: AQHWjamkvjMzTC+ou0aptn5bKR4hY6luQCAAgAEKLTA= Date: Sat, 19 Sep 2020 03:15:02 +0000 Message-ID: <7df20a0b20b44fbe9e62f4c31087a067@h3c.com> References: <20200918104420.30219-1-tian.xianting@h3c.com> <20200918192034.GA4030837@dhcp-10-100-145-180.wdl.wdc.com> In-Reply-To: <20200918192034.GA4030837@dhcp-10-100-145-180.wdl.wdc.com> Accept-Language: en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.99.141.128] x-sender-location: DAG2 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8BIT MIME-Version: 1.0 X-DNSRBL: X-MAIL: h3cspam02-ex.h3c.com 08J3F1XP095124 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Keith, Thanks a lot for your comments, I will try to figure out a safe fix for this issue, then for you review:) -----Original Message----- From: Keith Busch [mailto:kbusch@kernel.org] Sent: Saturday, September 19, 2020 3:21 AM To: tianxianting (RD) Cc: axboe@fb.com; hch@lst.de; sagi@grimberg.me; linux-nvme@lists.infradead.org; linux-kernel@vger.kernel.org Subject: Re: [PATCH] [v2] nvme: use correct upper limit for tag in nvme_handle_cqe() On Fri, Sep 18, 2020 at 06:44:20PM +0800, Xianting Tian wrote: > @@ -940,7 +940,9 @@ static inline void nvme_handle_cqe(struct nvme_queue *nvmeq, u16 idx) > struct nvme_completion *cqe = &nvmeq->cqes[idx]; > struct request *req; > > - if (unlikely(cqe->command_id >= nvmeq->q_depth)) { > + if (unlikely(cqe->command_id >= > + nvmeq->qid ? nvmeq->dev->tagset.queue_depth : > + nvmeq->dev->admin_tagset.queue_depth)) { Both of these values are set before blk_mq_alloc_tag_set(), so you still have a race. The interrupt handler probably just shouldn't be registered with the queue before the tagset is initialized since there can't be any work for the handler to do before that happens anyway. The controller is definitely broken, though, and will lead to unavoidable corruption if it's really behaving this way.