From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Yi Zhang, Bart Van Assche, Ming Lei, Jens Axboe, Sasha Levin
Subject: [PATCH 5.10 188/593] block: fix race between adding/removing rq qos and normal IO
Date: Mon, 12 Jul 2021 08:05:48 +0200
Message-Id: <20210712060903.707501588@linuxfoundation.org>
X-Mailer: git-send-email 2.32.0
In-Reply-To: <20210712060843.180606720@linuxfoundation.org>
References: <20210712060843.180606720@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Ming Lei

[ Upstream commit 2cafe29a8d03f02a3d16193bdaae2f3e82a423f9 ]

Yi reported several kernel panics on:

[16687.001777] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
...
[16687.163549] pc : __rq_qos_track+0x38/0x60

or

[ 997.690455] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020
...
[ 997.850347] pc : __rq_qos_done+0x2c/0x50

Turns out it is caused by a race between adding rq qos (wbt) and normal IO, because rq_qos_add can be run when IO is being submitted. Fix this issue by freezing the queue before adding/deleting rq qos to the queue.

rq_qos_exit() needn't freeze the queue because it is called after the queue has been frozen.

iolatency calls rq_qos_add() while allocating the queue, so freezing won't add delay because the queue usage refcount works in atomic mode at that time.

iocost calls rq_qos_add() when writing the cgroup attribute file; it is fine to freeze the queue at that time since we usually freeze the queue when storing to a queue sysfs attribute, and meanwhile iocost only exists on the root cgroup.

wbt_init calls it in blk_register_queue() and in the queue sysfs attribute store (queue_wb_lat_store() when writing it the 1st time in case of !BLK_WBT_MQ); the following patch will speed up the queue freezing in wbt_init.

Reported-by: Yi Zhang
Cc: Bart Van Assche
Signed-off-by: Ming Lei
Reviewed-by: Bart Van Assche
Tested-by: Yi Zhang
Link: https://lore.kernel.org/r/20210609015822.103433-2-ming.lei@redhat.com
Signed-off-by: Jens Axboe
Signed-off-by: Sasha Levin

--- block/blk-rq-qos.h | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/block/blk-rq-qos.h b/block/blk-rq-qos.h index 2bc43e94f4c4..2bcb3495e376 100644 --- a/block/blk-rq-qos.h +++ b/block/blk-rq-qos.h @@ -7,6 +7,7 @@ #include #include #include +#include #include "blk-mq-debugfs.h" 
@@ -99,8 +100,21 @@ static inline void rq_wait_init(struct rq_wait *rq_wait) static inline void rq_qos_add(struct request_queue *q, struct rq_qos *rqos) { + /* + * No IO can be in-flight when adding rqos, so freeze queue, which + * is fine since we only support rq_qos for blk-mq queue. + * + * Reuse ->queue_lock for protecting against other concurrent + * rq_qos adding/deleting + */ + blk_mq_freeze_queue(q); + + spin_lock_irq(&q->queue_lock); rqos->next = q->rq_qos; q->rq_qos = rqos; + spin_unlock_irq(&q->queue_lock); + + blk_mq_unfreeze_queue(q); if (rqos->ops->debugfs_attrs) blk_mq_debugfs_register_rqos(rqos); @@ -110,12 +124,22 @@ static inline void rq_qos_del(struct request_queue *q, struct rq_qos *rqos) { struct rq_qos **cur; + /* + * See comment in rq_qos_add() about freezing queue & using + * ->queue_lock. + */ + blk_mq_freeze_queue(q); + + spin_lock_irq(&q->queue_lock); for (cur = &q->rq_qos; *cur; cur = &(*cur)->next) { if (*cur == rqos) { *cur = rqos->next; break; } } + spin_unlock_irq(&q->queue_lock); + + blk_mq_unfreeze_queue(q); blk_mq_debugfs_unregister_rqos(rqos); } -- 2.30.2
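
Review bot: in the rq_qos_add() hunk, the ->queue_lock section covers only the two assignments "rqos->next = q->rq_qos; q->rq_qos = rqos;", so it serialises the list insert but not any check a caller makes beforehand for an already-registered rqos of the same kind. Two callers that each pass their own check can still both link a policy. Consider moving that existence check inside the locked region and returning an error from rq_qos_add() when the policy is already present. Separately, blk_mq_freeze_queue() waits for in-flight requests and can sleep, so the new comment should also say that rq_qos_add() must be called from process context and without ->queue_lock held; the commit message argues this per caller, but nothing in the header records it for future callers.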
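
Review bot: in the rq_qos_del() hunk, the queue is now frozen and unfrozen too, yet the commit message only walks through the calling contexts of rq_qos_add() (iolatency, iocost, wbt_init) and says nothing about who calls rq_qos_del() and whether they may sleep. Please list the rq_qos_del() callers in the changelog or in the comment, since the comment here only points back to rq_qos_add(). It would also help to state that the rqos may be freed only after rq_qos_del() returns, because the freeze is what guarantees no request is still walking q->rq_qos. Minor: when the loop does not find rqos, the function still pays for a full freeze and then unregisters debugfs entries without any indication; a warning on the not-found path would make misuse visible.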