Received: by 2002:a05:6358:489b:b0:bb:da1:e618 with SMTP id x27csp7612543rwn; Wed, 14 Sep 2022 01:16:44 -0700 (PDT) X-Google-Smtp-Source: AA6agR6ufKeFLao3gOW0FkkxEDPuDUD52NvzFc4q23cHNYSzUCV05OUTBtCaKXG9D5pMwWoSvtmu X-Received: by 2002:a17:907:2d0b:b0:77c:68a8:a47 with SMTP id gs11-20020a1709072d0b00b0077c68a80a47mr11430177ejc.473.1663143404456; Wed, 14 Sep 2022 01:16:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1663143404; cv=none; d=google.com; s=arc-20160816; b=rZMDXIYx8J0n+Qt1sCeupfjBwk+iR1B4NRze3jZ1PjB5pyizAwL2CERon7gadq8fTy MoC5/HechCjc+Ntoq7pKi8KF18M+YkbwNokioBf/Rs5qA03SUjYOHTcAbZ1rNg7xPtsu FFYpPvW1gsRU7KX1nhRy7hLBURKlA0fZNk+96XLftbvtMVIt9w+IgqQ6rLEfBHa3zr8e appbQTdbDb6tMYjchUZTIB73IM9v9O/YYgbdZfMmXrqQ8tqG48qTNbFxbBqqXjJUhph3 H1FoO6el97eJ5sKkJIWuwtyuZCoskFo/xbk0cC/UWOS2CqnvHpbS5a0Q4cEW4muAO1WK v8Ww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version:dkim-signature; bh=1biDXl6cgm2n8SGycMHAv9SCU/JP3uWb+Ul5VmFRIVw=; b=O3A64yUn0QrGR2kBJX7pyyK5hfmmjSvTpDz3P//iV1hlGivBSfEVZ7LsHkkJIw8Sw2 IUkGBxmmw3WdCwIkoaSqqQ4PqfMDwbG/TY0qTlUB4ZO7R9wdWT287lasUPXaS+UUfPd0 +YlmvqNFhM+bm7gtMm30VAdorRo196MA9zc6sKPC+Qm4kWD+Hl7fuZDCI9NyAgm9h6zF wJFuyBgiQXOTmzMVxj8ZeRAj85fIjA8+nU2r2LHm6YFSXI9E/8I5LQ/hXB+D6tgA3gka G8FNnAjCTVSR/9/GsuplQEc2I6ZxjaS7DbtNNzPOOWBckXCdfnkqR9SNNO/7ltID6Esy gb2w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@unimore.it header.s=google header.b=I5Zadj9O; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=unimore.it Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id dz10-20020a0564021d4a00b00448da245f3bsi13421042edb.6.2022.09.14.01.16.18; Wed, 14 Sep 2022 01:16:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@unimore.it header.s=google header.b=I5Zadj9O; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=unimore.it Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229933AbiINHut (ORCPT + 99 others); Wed, 14 Sep 2022 03:50:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51964 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229538AbiINHur (ORCPT ); Wed, 14 Sep 2022 03:50:47 -0400 Received: from mail-wr1-x42e.google.com (mail-wr1-x42e.google.com [IPv6:2a00:1450:4864:20::42e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A18972A434 for ; Wed, 14 Sep 2022 00:50:44 -0700 (PDT) Received: by mail-wr1-x42e.google.com with SMTP id t14so24330990wrx.8 for ; Wed, 14 Sep 2022 00:50:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=unimore.it; s=google; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:from:to:cc:subject:date; bh=1biDXl6cgm2n8SGycMHAv9SCU/JP3uWb+Ul5VmFRIVw=; b=I5Zadj9OJnTGYrv4u5A/xNiT8/POEYkxUf2yovO5ju1wBpFFBfFmBayvrXwPIFBkDZ //gq6LKqJBWglHZv9SoeF7AouP+JsdscjhfUhTxSqCmcPrOwJ8pT8WymbZp2JWhg2Y5n 2meptMdqXBOxCaJ799mUlD4aQKXmyh4e/+9N4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-message-state:from:to:cc :subject:date; bh=1biDXl6cgm2n8SGycMHAv9SCU/JP3uWb+Ul5VmFRIVw=; b=W2ZcBIV1X0Z8csZKMXlNoCel3PyKXhFz+85SrmXyeRpLUXnGA5knB6IT2pa01ZUJhg MHKWu0MnhFgoV+YtmVT3dlZHcMGt2mjjd3QZHh/Dar9Ex+vMUw7bQXtxTeAZLfR6jmt2 X4dm+mjFjSLFmnhJCmRL4cWkPZzuzYLmHs3hY/pCgHfg7ewCF5kVrthLwZb8Y9jLSCjK GtzputttAZRQvqrGax7FzsvHYEUMUpGM169+5sBWqKny4HHAP5CDQdrN8Fp8nXBEGMuO 1rzGd4I8aFZqycrDPEa335lhmOfNCnKIOIfeI5p9CNXzBF/Dw+86Cn8tvQo18nXQ/Joh QU5Q== X-Gm-Message-State: ACgBeo0YbkF1fM8upNQc3Mq9+/6CXDT6Big7IsPSb5axzGiaUzFTz+Am Lr2YWY28QPMZHcRUZn+Fl6sY X-Received: by 2002:a5d:62cb:0:b0:228:6a13:24d9 with SMTP id o11-20020a5d62cb000000b002286a1324d9mr21349678wrv.497.1663141843044; Wed, 14 Sep 2022 00:50:43 -0700 (PDT) Received: from mbp-di-paolo.station (net-2-37-207-44.cust.vodafonedsl.it. [2.37.207.44]) by smtp.gmail.com with ESMTPSA id bk12-20020a0560001d8c00b0022762b0e2a2sm13119612wrb.6.2022.09.14.00.50.41 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 14 Sep 2022 00:50:42 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Subject: Re: [PATCH -next v10 3/4] block, bfq: refactor the counting of 'num_groups_with_pending_reqs' From: Paolo VALENTE In-Reply-To: Date: Wed, 14 Sep 2022 09:50:41 +0200 Cc: Jan Kara , cgroups@vger.kernel.org, linux-block , Tejun Heo , Jens Axboe , LKML , yi.zhang@huawei.com, "yukuai (C)" Content-Transfer-Encoding: quoted-printable Message-Id: References: <20220610021701.2347602-1-yukuai3@huawei.com> <20220610021701.2347602-4-yukuai3@huawei.com> <27F2DF19-7CC6-42C5-8CEB-43583EB4AE46@linaro.org> <9b2d667f-6636-9347-08a1-8bd0aa2346f2@huaweicloud.com> <2f94f241-445f-1beb-c4a8-73f6efce5af2@huaweicloud.com> <55A07102-BE55-4606-9E32-64E884064FB9@unimore.it> <5cb0e5bc-feec-86d6-6f60-3c28ee625efd@huaweicloud.com> <5e0b44b4-46cc-b3c6-1d93-00a0a683eda8@huaweicloud.com> To: Yu Kuai X-Mailer: Apple Mail (2.3445.104.11) X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > Il giorno 14 set 2022, alle ore 03:55, Yu Kuai = ha scritto: >=20 >=20 >=20 > =E5=9C=A8 2022/09/07 9:16, Yu Kuai =E5=86=99=E9=81=93: >> Hi, Paolo! >> =E5=9C=A8 2022/09/06 17:37, Paolo Valente =E5=86=99=E9=81=93: >>>=20 >>>=20 >>>> Il giorno 26 ago 2022, alle ore 04:34, Yu Kuai = ha scritto: >>>>=20 >>>> Hi, Paolo! >>>>=20 >>>> =E5=9C=A8 2022/08/25 22:59, Paolo Valente =E5=86=99=E9=81=93: >>>>>> Il giorno 11 ago 2022, alle ore 03:19, Yu Kuai = > ha scritto: >>>>>>=20 >>>>>> Hi, Paolo >>>>>>=20 >>>>>> =E5=9C=A8 2022/08/10 18:49, Paolo Valente =E5=86=99=E9=81=93: >>>>>>>> Il giorno 27 lug 2022, alle ore 14:11, Yu Kuai = > ha scritto: >>>>>>>>=20 >>>>>>>> Hi, Paolo >>>>>>>>=20 >>>>>>> hi >>>>>>>> Are you still interested in this patchset? >>>>>>>>=20 >>>>>>> Yes. Sorry for replying very late again. >>>>>>> Probably the last fix that you suggest is enough, but I'm a = little bit >>>>>>> concerned that it may be a little hasty. In fact, before this = fix, we >>>>>>> exchanged several messages, and I didn't seem to be very good at >>>>>>> convincing you about the need to keep into account also = in-service >>>>>>> I/O. So, my question is: are you sure that now you have a >>>>>>=20 >>>>>> I'm confused here, I'm pretty aware that in-service I/O(as said = pending >>>>>> requests is the patchset) should be counted, as you suggested in = v7, are >>>>>> you still thinking that the way in this patchset is problematic? >>>>>>=20 >>>>>> I'll try to explain again that how to track is bfqq has pending = pending >>>>>> requests, please let me know if you still think there are some = problems: >>>>>>=20 >>>>>> patch 1 support to track if bfqq has pending requests, it's >>>>>> done by setting the flag 'entity->in_groups_with_pending_reqs' = when the >>>>>> first request is inserted to bfqq, and it's cleared when the last >>>>>> request is completed. specifically the flag is set in >>>>>> bfq_add_bfqq_busy() when 'bfqq->dispatched' if false, and it's = cleared >>>>>> both in bfq_completed_request() and bfq_del_bfqq_busy() when >>>>>> 'bfqq->diapatched' is false. >>>>>>=20 >>>>> This general description seems correct to me. Have you already = sent a new version of your patchset? >>>>=20 >>>> It's glad that we finially on the same page here. >>>>=20 >>>=20 >>> Yep. Sorry for my chronicle delay. >> Better late than never =F0=9F=98=81 >>>=20 >>>> Please take a look at patch 1, which already impelement the above >>>> descriptions, it seems to me there is no need to send a new version >>>> for now. If you think there are still some other problems, please = let >>>> me know. >>>>=20 >>>=20 >>> Patch 1 seems ok to me. I seem to have only one pending comment on = this patch (3/4) instead. Let me paste previous stuff here for your = convenience: >> That sounds good. >>>=20 >>>>>=20 >>>>> - /* >>>>> - * Next function is invoked last, because it causes bfqq to = be >>>>> - * freed if the following holds: bfqq is not in service and >>>>> - * has no dispatched request. DO NOT use bfqq after the next >>>>> - * function invocation. >>>>> - */ >>>> I would really love it if you leave this comment. I added it after >>>> suffering a lot for a nasty UAF. Of course the first sentence may >>>> need to be adjusted if the code that precedes it is to be removed. >>>> Same as above, if this patch is applied, this function will be = gone. >=20 > Hi, I'm curious while I'm trying to add the comment, before this > patchset, can bfqq be freed when bfq_weights_tree_remove is called? >=20 > bfq_completed_request > bfqq->dispatched-- > if (!bfqq->dispatched && !bfq_bfqq_busy(bfqq)) > bfq_weights_tree_remove(bfqd, bfqq); >=20 > // continue to use bfqq >=20 > It seems to me this is problematic if so, because bfqq is used after > bfq_weights_tree_remove() is called. >=20 It is. Yet, IIRC, I verified that bfqq was not used after that free, and I added that comment as a heads-up. What is a scenario (before your pending modifications) where this use-after-free happens? Thanks, Paolo > Thanks, > Kuai