| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <43327033306c3dd2f7c3717d64ce22415b6f3451.camel@wdc.com>
Date: Wed, 16 May 2018 14:56:42 +0000
From: Bart Van Assche <Bart.VanAssche@....com>
To: "syzbot+c4f9cebf9d651f6e54de@...kaller.appspotmail.com"
<syzbot+c4f9cebf9d651f6e54de@...kaller.appspotmail.com>,
"syzkaller-bugs@...glegroups.com" <syzkaller-bugs@...glegroups.com>,
"dan.j.williams@...el.com" <dan.j.williams@...el.com>,
"linux-block@...r.kernel.org" <linux-block@...r.kernel.org>,
"penguin-kernel@...ove.SAKURA.ne.jp"
<penguin-kernel@...ove.SAKURA.ne.jp>,
"axboe@...nel.dk" <axboe@...nel.dk>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"jthumshirn@...e.de" <jthumshirn@...e.de>,
"alan.christopher.jenkins@...il.com"
<alan.christopher.jenkins@...il.com>, "hch@....de" <hch@....de>,
"martin.petersen@...cle.com" <martin.petersen@...cle.com>,
"dvyukov@...gle.com" <dvyukov@...gle.com>,
"ming.lei@...hat.com" <ming.lei@...hat.com>,
"martin@...htvoll.de" <martin@...htvoll.de>,
"oleksandr@...alenko.name" <oleksandr@...alenko.name>,
"hare@...e.com" <hare@...e.com>,
"ross.zwisler@...ux.intel.com" <ross.zwisler@...ux.intel.com>,
"keith.busch@...el.com" <keith.busch@...el.com>,
"linux-ext4@...r.kernel.org" <linux-ext4@...r.kernel.org>
Subject: Re: INFO: task hung in blk_queue_enter
On Wed, 2018-05-16 at 22:05 +0900, Tetsuo Handa wrote:
> One ore more threads are waiting for q->mq_freeze_depth to become 0. But the
> thread who incremented q->mq_freeze_depth at blk_freeze_queue_start(q) from
> blk_freeze_queue() is waiting at blk_mq_freeze_queue_wait(). Therefore,
> atomic_read(&q->mq_freeze_depth) == 0 condition for wait_event() in
> blk_queue_enter() will never be satisfied. But what does that wait_event()
> want to do? Isn't "start freezing" a sort of blk_queue_dying(q) == true?
> Since percpu_ref_tryget_live(&q->q_usage_counter) failed and the queue is
> about to be frozen, shouldn't we treat atomic_read(&q->mq_freeze_depth) != 0
> as if blk_queue_dying(q) == true? That is, something like below:
>
> diff --git a/block/blk-core.c b/block/blk-core.c
> index 85909b4..59e2496 100644
> --- a/block/blk-core.c
> +++ b/block/blk-core.c
> @@ -951,10 +951,10 @@ int blk_queue_enter(struct request_queue *q, blk_mq_req_flags_t flags)
> smp_rmb();
>
> wait_event(q->mq_freeze_wq,
> - (atomic_read(&q->mq_freeze_depth) == 0 &&
> - (preempt || !blk_queue_preempt_only(q))) ||
> + atomic_read(&q->mq_freeze_depth) ||
> + (preempt || !blk_queue_preempt_only(q)) ||
> blk_queue_dying(q));
> - if (blk_queue_dying(q))
> + if (atomic_read(&q->mq_freeze_depth) || blk_queue_dying(q))
> return -ENODEV;
> }
> }
That change looks wrong to me. Additionally, I think that you are looking in
the wrong direction. Since blk_mq_freeze_queue_wait() and blk_queue_enter()
work fine for all block drivers except the loop driver I think that you should
have a closer look at how the loop driver uses this block layer functionality.
Thanks,
Bart.
Powered by blists - more mailing lists