Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp9468pxu; Thu, 3 Dec 2020 17:38:23 -0800 (PST) X-Google-Smtp-Source: ABdhPJzvaAlRoGyEVf1NgrgsQyCLxwqiTYD3IVJtXaAAA41GXPATTjHE1bo0kDy1X97hcjEGle3x X-Received: by 2002:a05:6402:17ad:: with SMTP id j13mr5522269edy.347.1607045903461; Thu, 03 Dec 2020 17:38:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607045903; cv=none; d=google.com; s=arc-20160816; b=GKJv4gXZgTZlzZ2XQiq5vzndj3QuvBYqgFhvKxzFfrcjg5hW97dDU7Sr7InYBRkKmU 1gCqwcwjlEQXYIl7XEfggq39v4D/VC4z0qMePIo5PycDOZD85QTMdEdXF3qf1JNVDh8x 534IebDyElg0OD2QTPH4EgftFI+dGg/EppRkSoA+3P8rdtNSHo/gQJ9N4/RTUyUBeRkW 1ypJWteclvZ/BLDsu4y4lYVA0WNioFBELrDqpF1bZ3F0HzbMBpcjGDTFPYgBHDWDutmi 1/spTgeN86b3RVorHyyDPtxKgGXJx4+q0wY28d/8MUvp4kmoFuhGgBXPcdCU0U0TQ26p 0Lfg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:references :in-reply-to:mime-version:dkim-signature; bh=pwt4Dz/MItuLszDwuCb5KE9JFpoisYTMIMIqFSmKU50=; b=BeVQ9YEaXIdSE/7fL0l57W9hXpiB7Zbhizfll3d8lYvaGZ87mbt9puVK54kdwEDCuz gRmsf1VlusRzddKyWHSUe/LFFSo5p5Jaiy+2LTbI8Ay0xP97FZvfDGkv+Q9+T3wwZ94H iJJqcQiIN9WL5adNa04tv+WmJ2Uv/SB7PStR7tD/W2XGRfVnt3MnpznT6o4Nlh5XVQtW mno5w6R67rEdELjz2CCeXaaLitCziHhjehK2m9TfUK5UXrAKHDiWjrcUrIPwYX30auCB FqGmw4eo6V0Xf+d/3HHd3n2Ek8aL5zayYwfhekV3pj8FEM+GHIkMrkhIt2z3uM6VsQ58 1zfA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=O8YHXWSf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z23si2139512edl.270.2020.12.03.17.37.59; Thu, 03 Dec 2020 17:38:23 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=O8YHXWSf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726242AbgLDBeL (ORCPT + 99 others); Thu, 3 Dec 2020 20:34:11 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58754 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725965AbgLDBeL (ORCPT ); Thu, 3 Dec 2020 20:34:11 -0500 Received: from mail-pf1-x441.google.com (mail-pf1-x441.google.com [IPv6:2607:f8b0:4864:20::441]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E7D5CC061A51; Thu, 3 Dec 2020 17:33:30 -0800 (PST) Received: by mail-pf1-x441.google.com with SMTP id x24so2590290pfn.6; Thu, 03 Dec 2020 17:33:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=pwt4Dz/MItuLszDwuCb5KE9JFpoisYTMIMIqFSmKU50=; b=O8YHXWSfsGj63o9pG8JukbggA2mhu/41VW++DJE605Bp2fcOI3nWuccT8x7YkRxTFQ Dr9A5wyQNf1gyGbyUMJKEOpKLSIKrOqIemjxwxX/4gLmKfX3+ZH+yVSGD1AJpFm+ndrR CV3ORGbz0Vd1spyUHR+8BTrLgO1zKor7OD/OVqvuAuRG9yd1rG0bkgBFrl6Hyqsn+xmZ 0wBQ60exAkOQuhWcsaBUorHodxWxI4Ob7/utmft/dPLNO8K8SmLT4OLdgMyOb/NFPG0O Zawr2JzDLw8ZJtSZHB43cUzBfMCP/8sE/IHG6iGLxKNZ5b2U5jF5XEsubS9VvBxL6CSt FwyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=pwt4Dz/MItuLszDwuCb5KE9JFpoisYTMIMIqFSmKU50=; b=C9xZksVpyTyYnduTv74dLwi/IaMq0skpzYdL197G0IzkKDtrVohde5eI0M6gnELnoY 8yB+3tRo0vIaeLt1un/IzjUryySdytgbH5XR8x5S1kKOkR6nILyE4zttDWv+i9NmIm/j 333hGEimjUN2Z6GoiUbnJ43D5dW5Wx/Vrgv18Y1829ICc+/8evAns0D2oEd2yW+7AxVc 6IVv76faQh+aG7CfP3zoy4KeE5s013KrLRk2cNZKHhJ3ckvysRTGWfcI0bzbCuDQOfzJ UydC+k/Igdc9jbas1UhSG6nTLxC8zsKTlo+2vZ453rkWbx186uiHWd6OUde2OAHcEOiQ o5tw== X-Gm-Message-State: AOAM533yvgds9yqnJRG/QO4jNQAydvNOUGa8zJ8ysfNe+d7mXsu54Gfn TP4MAlq2msSQYO32Nik4TARZL85n3+XvSD87okLxra7rP9Q= X-Received: by 2002:a63:ea48:: with SMTP id l8mr534625pgk.293.1607045610324; Thu, 03 Dec 2020 17:33:30 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a17:90a:7886:0:0:0:0 with HTTP; Thu, 3 Dec 2020 17:33:29 -0800 (PST) In-Reply-To: References: <20201203094711.3236551-1-yili@winhong.com> From: Yi Li Date: Fri, 4 Dec 2020 09:33:29 +0800 Message-ID: Subject: Re: [PATCH v2] bcache: fix panic due to cache_set is null To: Coly Li Cc: Yi Li , kent.overstreet@gmail.com, linux-bcache@vger.kernel.org, linux-kernel@vger.kernel.org, Guo Chao Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 12/3/20, Coly Li wrote: > On 12/3/20 5:47 PM, Yi Li wrote: >> bcache_device_detach will release the cache_set after hotunplug cache >> disk. >> >> Here is how the issue happens. >> 1) cached_dev_free do cancel_writeback_rate_update_dwork >> without bch_register_lock. >> 2) Wirting the writeback_percent by sysfs with >> bch_register_lock will insert a writeback_rate_update work. >> 3) cached_dev_free with bch_register_lock to do bcache_device_free. >> dc->disk.cl will be set NULL >> 4) update_writeback_rate will crash when access dc->disk.cl > > The analysis makes sense, good catch! Thank you for make me understand > the problem. > > >> >> Fixes: 80265d8dfd77 ("bcache: acquire bch_register_lock later in >> cached_dev_free()") >> >> IP: [] update_writeback_rate+0x59/0x3a0 [bcache] >> PGD 879620067 PUD 8755d3067 PMD 0 >> Oops: 0000 [#1] SMP >> CPU: 8 PID: 1005702 Comm: kworker/8:0 Tainted: G 4.4.0+10 #1 >> Hardware name: Intel BIOS SE5C610.86B.01.01.0021.032120170601 >> 03/21/2017 >> Workqueue: events update_writeback_rate [bcache] >> task: ffff8808786f3800 ti: ffff88077082c000 task.ti: ffff88077082c000 >> RIP: e030:[] update_writeback_rate+0x59/0x3a0 >> [bcache] >> RSP: e02b:ffff88077082fde0 EFLAGS: 00010202 >> RAX: 0000000000000018 RBX: ffff8808047f0b08 RCX: 0000000000000000 >> RDX: 0000000000000001 RSI: ffff88088170dab8 RDI: ffff88088170dab8 >> RBP: ffff88077082fe18 R08: 000000000000000a R09: 0000000000000000 >> R10: 0000000000000000 R11: 0000000000017bc8 R12: 0000000000000000 >> R13: ffff8808047f0000 R14: 0000000000000200 R15: ffff8808047f0b08 >> FS: 00007f157b6d6700(0000) GS:ffff880881700000(0000) >> knlGS:0000000000000000 >> CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033 >> CR2: 0000000000000368 CR3: 0000000875c05000 CR4: 0000000000040660 >> Stack: >> 0000000000000001 0000000000007ff0 ffff88085ff600c0 ffff880881714e80 >> ffff880881719500 0000000000000200 ffff8808047f0b08 ffff88077082fe60 >> ffffffff81088c0c 0000000081714e80 0000000000000000 ffff880881714e80 >> Call Trace: >> [] process_one_work+0x1fc/0x3b0 >> [] worker_thread+0x2a5/0x470 >> [] ? __schedule+0x648/0x870 >> [] ? rescuer_thread+0x300/0x300 >> [] kthread+0xd5/0xe0 >> [] ? kthread_stop+0x110/0x110 >> [] ret_from_fork+0x3f/0x70 >> [] ? kthread_stop+0x110/0x110 >> >> Reported-by: Guo Chao >> Signed-off-by: Yi Li >> --- >> drivers/md/bcache/super.c | 6 +++--- >> 1 file changed, 3 insertions(+), 3 deletions(-) >> >> diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c >> index 46a00134a36a..8b341f756ac0 100644 >> --- a/drivers/md/bcache/super.c >> +++ b/drivers/md/bcache/super.c >> @@ -1334,9 +1334,6 @@ static void cached_dev_free(struct closure *cl) >> { >> struct cached_dev *dc = container_of(cl, struct cached_dev, disk.cl); >> >> - if (test_and_clear_bit(BCACHE_DEV_WB_RUNNING, &dc->disk.flags)) >> - cancel_writeback_rate_update_dwork(dc); >> - >> if (!IS_ERR_OR_NULL(dc->writeback_thread)) >> kthread_stop(dc->writeback_thread); >> if (!IS_ERR_OR_NULL(dc->status_update_thread)) >> @@ -1344,6 +1341,9 @@ static void cached_dev_free(struct closure *cl) >> >> mutex_lock(&bch_register_lock); >> >> + if (test_and_clear_bit(BCACHE_DEV_WB_RUNNING, &dc->disk.flags)) >> + cancel_writeback_rate_update_dwork(dc); >> + >> if (atomic_read(&dc->running)) >> bd_unlink_disk_holder(dc->bdev, dc->disk.disk); >> bcache_device_free(&dc->disk); >> > > Such change is problematic, the writeback rate kworker mush stopped > before writeback and status_update thread, otherwise you may encounter > other problem. > enn, It is possible that I miss something. 1: writeback_rate_update work will add to the system_wq by schedule_delayed_work. 2: The issue 80265d8dfd77 --" After moving mutex_lock(&bch_register_lock) to a later location where before atomic_read(&dc->running) in cached_dev_free()" . > And when I review your patch I find another similar potential problem. > > This is tricky, let me think how to fix it .... > > Thank you again, for catch such issue. > > Coly Li > >