[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <51e9345b-7c65-e35b-148f-bc9c5e1f7dcf@kernel.dk>
Date: Tue, 8 Sep 2020 13:49:03 -0600
From: Jens Axboe <axboe@...nel.dk>
To: Omar Sandoval <osandov@...ndov.com>
Cc: Yang Yang <yang.yang@...o.com>, linux-block@...r.kernel.org,
linux-kernel@...r.kernel.org, onlyfever@...oud.com
Subject: Re: [PATCH] kyber: Fix crash in kyber_finish_request()
On 9/8/20 1:00 PM, Omar Sandoval wrote:
> On Mon, Sep 07, 2020 at 10:41:16AM -0600, Jens Axboe wrote:
>> CC Omar
>>
>> On 9/7/20 1:43 AM, Yang Yang wrote:
>>> Kernel crash when requeue flush request.
>>> It can be reproduced as below:
>>>
>>> [ 2.517297] Unable to handle kernel paging request at virtual address ffffffd8071c0b00
>>> ...
>>> [ 2.517468] pc : clear_bit+0x18/0x2c
>>> [ 2.517502] lr : sbitmap_queue_clear+0x40/0x228
>>> [ 2.517503] sp : ffffff800832bc60 pstate : 00c00145
>>> ...
>>> [ 2.517599] Process ksoftirqd/5 (pid: 51, stack limit = 0xffffff8008328000)
>>> [ 2.517602] Call trace:
>>> [ 2.517606] clear_bit+0x18/0x2c
>>> [ 2.517619] kyber_finish_request+0x74/0x80
>>> [ 2.517627] blk_mq_requeue_request+0x3c/0xc0
>>> [ 2.517637] __scsi_queue_insert+0x11c/0x148
>>> [ 2.517640] scsi_softirq_done+0x114/0x130
>>> [ 2.517643] blk_done_softirq+0x7c/0xb0
>>> [ 2.517651] __do_softirq+0x208/0x3bc
>>> [ 2.517657] run_ksoftirqd+0x34/0x60
>>> [ 2.517663] smpboot_thread_fn+0x1c4/0x2c0
>>> [ 2.517667] kthread+0x110/0x120
>>> [ 2.517669] ret_from_fork+0x10/0x18
>>>
>>> Signed-off-by: Yang Yang <yang.yang@...o.com>
>>> ---
>>> block/kyber-iosched.c | 3 +++
>>> 1 file changed, 3 insertions(+)
>>>
>>> diff --git a/block/kyber-iosched.c b/block/kyber-iosched.c
>>> index a38c5ab103d1..af73afe7a05c 100644
>>> --- a/block/kyber-iosched.c
>>> +++ b/block/kyber-iosched.c
>>> @@ -611,6 +611,9 @@ static void kyber_finish_request(struct request *rq)
>>> {
>>> struct kyber_queue_data *kqd = rq->q->elevator->elevator_data;
>>>
>>> + if (unlikely(!(rq->rq_flags & RQF_ELVPRIV)))
>>> + return;
>>> +
>>> rq_clear_domain_token(kqd, rq);
>>> }
>>>
>>>
>
> It looks like BFQ also has this check. Wouldn't it make more sense to
> check it in blk-mq, like we do for .finish_request() in
> blk_mq_free_request()? Something along these lines:
Yeah I think so, that's much better than working around it in the
consumer of it.
--
Jens Axboe
Powered by blists - more mailing lists