| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d7c3135c-7431-0b6d-dc5b-f0339ce1290d@applied-asynchrony.com>
Date: Thu, 20 May 2021 18:39:18 +0200
From: Holger Hoffstätte <holger@...lied-asynchrony.com>
To: Luca Mariotti <mariottiluca1@...mail.it>,
Paolo Valente <paolo.valente@...aro.org>,
Jens Axboe <axboe@...nel.dk>
Cc: linux-block@...r.kernel.org, linux-kernel@...r.kernel.org,
Pietro Pedroni <pedroni.pietro.96@...il.com>
Subject: Re: [PATCH BUGFIX] block, bfq: fix delayed stable merge check
On 2021-05-20 09:15, Holger Hoffstätte wrote:
> On 2021-05-18 12:43, Luca Mariotti wrote:
>> When attempting to schedule a merge of a given bfq_queue with the currently
>> in-service bfq_queue or with a cooperating bfq_queue among the scheduled
>> bfq_queues, delayed stable merge is checked for rotational or non-queueing
>> devs. For this stable merge to be performed, some conditions must be met.
>> If the current bfq_queue underwent some split from some merged bfq_queue,
>> one of these conditions is that two hundred milliseconds must elapse from
>> split, otherwise this condition is always met.
>>
>> Unfortunately, by mistake, time_is_after_jiffies() was written instead of
>> time_is_before_jiffies() for this check, verifying that less than two
>> hundred milliseconds have elapsed instead of verifying that at least two
>> hundred milliseconds have elapsed.
>>
>> Fix this issue by replacing time_is_after_jiffies() with
>> time_is_before_jiffies().
>>
>> Signed-off-by: Luca Mariotti <mariottiluca1@...mail.it>
>> Signed-off-by: Paolo Valente <paolo.valente@...aro.org>
>> Signed-off-by: Pietro Pedroni <pedroni.pietro.96@...il.com>
>> ---
>> block/bfq-iosched.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c
>> index acd1f881273e..2adb1e69c9d2 100644
>> --- a/block/bfq-iosched.c
>> +++ b/block/bfq-iosched.c
>> @@ -2697,7 +2697,7 @@ bfq_setup_cooperator(struct bfq_data *bfqd, struct bfq_queue *bfqq,
>> if (unlikely(!bfqd->nonrot_with_queueing)) {
>> if (bic->stable_merge_bfqq &&
>> !bfq_bfqq_just_created(bfqq) &&
>> - time_is_after_jiffies(bfqq->split_time +
>> + time_is_before_jiffies(bfqq->split_time +
>> msecs_to_jiffies(200))) {
>> struct bfq_queue *stable_merge_bfqq =
>> bic->stable_merge_bfqq;
>>
>
> Not sure why but with this patch I quickly got a division-by-zero in BFQ and
> complete system halt. Unfortunately I couldn't capture the exact stack trace,
> but it read something like bfq_calc_weight() or something ike that.
> I looked through the code and found bfq_delta(), so maybe weight got
> reduced to 0?
Tried again, another boom. This time I managed to capture a stack trace
(scrolled out at the top, but it's the same as before and easily reproducible):
https://imgur.com/a/sU1pDaF
This is a heavily patched 5.10.x, but it's been perfectly stable so far
until I added this last patch; the one before was avoid-circular-stable-merges.
Maybe an unintentional side effect? In any case all I see is bfq_delta() inlined
into bfq_calc_finish() and exploding since entity->weight is apparently 0.
Hope this helps.
-h
Powered by blists - more mailing lists