Thread: 9 messages, 5 authors, 2021-03-26

Re: [PATCH] blk-mq: Fix races between iterating over requests and freeing requests

From: Bart Van Assche <bvanassche@acm.org>
Date: 2021-03-22 23:39:13

On 3/22/21 3:39 PM, Khazhy Kumykov wrote:
> On Thu, Mar 18, 2021 at 6:00 PM Bart Van Assche [off-list ref] wrote:
>> Multiple users have reported use-after-free complaints similar to the
>> following (see also https://lore.kernel.org/linux-block/1545261885.185366.488.camel@acm.org/):
>
> This fixes the crashes I was seeing. I also looked over the patch and
> the dereferencing rules seem correct, although that q_usage_counter
> check in the bad case seems racy itself? Thanks!
>
> Reviewed-By: Khazhismel Kumykov <redacted>

Thanks Khazhy for the review and for the testing. The purpose of the
q_usage_counter check in blk_mq_tag_to_rq() is to catch calls of 
blk_mq_tag_to_rq() from outside .queue_rq() that happen during or after 
queue deletion. Maybe I should change that check into a test of 
QUEUE_FLAG_DYING.

Bart.
