block: only call sched requeue_request() for scheduled requests

mainline inclusion from mainline-5.9-rc5 commit e8a8a185 category: bugfix bugzilla: 172928 CVE: NA --------------------------- Yang Yang reported the following crash caused by requeueing a flush request in Kyber: [ 2.517297] Unable to handle kernel paging request at virtual address ffffffd8071c0b00 ... [ 2.517468] pc : clear_bit+0x18/0x2c [ 2.517502] lr : sbitmap_queue_clear+0x40/0x228 [ 2.517503] sp : ffffff800832bc60 pstate : 00c00145 ... [ 2.517599] Process ksoftirqd/5 (pid: 51, stack limit = 0xffffff8008328000) [ 2.517602] Call trace: [ 2.517606] clear_bit+0x18/0x2c [ 2.517619] kyber_finish_request+0x74/0x80 [ 2.517627] blk_mq_requeue_request+0x3c/0xc0 [ 2.517637] __scsi_queue_insert+0x11c/0x148 [ 2.517640] scsi_softirq_done+0x114/0x130 [ 2.517643] blk_done_softirq+0x7c/0xb0 [ 2.517651] __do_softirq+0x208/0x3bc [ 2.517657] run_ksoftirqd+0x34/0x60 [ 2.517663] smpboot_thread_fn+0x1c4/0x2c0 [ 2.517667] kthread+0x110/0x120 [ 2.517669] ret_from_fork+0x10/0x18 This happens because Kyber doesn't track flush requests, so kyber_finish_request() reads a garbage domain token. Only call the scheduler's requeue_request() hook if RQF_ELVPRIV is set (like we do for the finish_request() hook in blk_mq_free_request()). Now that we're handling it in blk-mq, also remove the check from BFQ. Reported-by: N Yang Yang <yang.yang@vivo.com> Signed-off-by: N Omar Sandoval <osandov@fb.com> Signed-off-by: N Jens Axboe <axboe@kernel.dk> Conflicts: block/blk-mq-sched.h [ Cleanup patch 67cae4c9("blk-mq: cleanup and improve list insertion") is not applied. ] Signed-off-by: N Zhihao Cheng <chengzhihao1@huawei.com> Reviewed-by: N Jason Yan <yanaijie@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

block: only call sched requeue_request() for scheduled requests
mainline inclusion from mainline-5.9-rc5 commit e8a8a185 category: bugfix bugzilla: 172928 CVE: NA --------------------------- Yang Yang reported the following crash caused by requeueing a flush request in Kyber: [ 2.517297] Unable to handle kernel paging request at virtual address ffffffd8071c0b00 ... [ 2.517468] pc : clear_bit+0x18/0x2c [ 2.517502] lr : sbitmap_queue_clear+0x40/0x228 [ 2.517503] sp : ffffff800832bc60 pstate : 00c00145 ... [ 2.517599] Process ksoftirqd/5 (pid: 51, stack limit = 0xffffff8008328000) [ 2.517602] Call trace: [ 2.517606] clear_bit+0x18/0x2c [ 2.517619] kyber_finish_request+0x74/0x80 [ 2.517627] blk_mq_requeue_request+0x3c/0xc0 [ 2.517637] __scsi_queue_insert+0x11c/0x148 [ 2.517640] scsi_softirq_done+0x114/0x130 [ 2.517643] blk_done_softirq+0x7c/0xb0 [ 2.517651] __do_softirq+0x208/0x3bc [ 2.517657] run_ksoftirqd+0x34/0x60 [ 2.517663] smpboot_thread_fn+0x1c4/0x2c0 [ 2.517667] kthread+0x110/0x120 [ 2.517669] ret_from_fork+0x10/0x18 This happens because Kyber doesn't track flush requests, so kyber_finish_request() reads a garbage domain token. Only call the scheduler's requeue_request() hook if RQF_ELVPRIV is set (like we do for the finish_request() hook in blk_mq_free_request()). Now that we're handling it in blk-mq, also remove the check from BFQ. Reported-by: N Yang Yang <yang.yang@vivo.com> Signed-off-by: N Omar Sandoval <osandov@fb.com> Signed-off-by: N Jens Axboe <axboe@kernel.dk> Conflicts: block/blk-mq-sched.h [ Cleanup patch 67cae4c9("blk-mq: cleanup and improve list insertion") is not applied. ] Signed-off-by: N Zhihao Cheng <chengzhihao1@huawei.com> Reviewed-by: N Jason Yan <yanaijie@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
b73ecd88 · Omar Sandoval · Yang Yingliang · cef81d17 · b73ecd88 · b73ecd88
隐藏空白更改
内联并排

Showing with 1 addition and 13 deletion

block/bfq-iosched.c block/bfq-iosched.c +0 -12

block/blk-mq-sched.h block/blk-mq-sched.h +1 -1

未找到文件。
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -4867,18 +4867,6 @@ static void bfq_finish_requeue_request(struct request *rq)
 	struct bfq_queue *bfqq = RQ_BFQQ(rq);
 	struct bfq_data *bfqd;
-	/*
-	 * Requeue and finish hooks are invoked in blk-mq without
-	 * checking whether the involved request is actually still
-	 * referenced in the scheduler. To handle this fact, the
-	 * following two checks make this function exit in case of
-	 * spurious invocations, for which there is nothing to do.
-	 *
-	 * First, check whether rq has nothing to do with an elevator.
-	 */
-	if (unlikely(!(rq->rq_flags & RQF_ELVPRIV)))
-		return;
 	/*
 	 * rq either is not associated with any icq, or is an already
 	 * requeued request that has not (yet) been re-inserted into

--- a/block/blk-mq-sched.h
+++ b/block/blk-mq-sched.h
@@ -72,7 +72,7 @@ static inline void blk_mq_sched_requeue_request(struct request *rq)
 	struct request_queue *q = rq->q;
 	struct elevator_queue *e = q->elevator;
-	if (e && e->type->ops.mq.requeue_request)
+	if ((rq->rq_flags & RQF_ELVPRIV) && e && e->type->ops.mq.requeue_request)
 		e->type->ops.mq.requeue_request(rq);
 }