NVMe induced NULL deref in bt_iter()

Ming Lei ming.lei at redhat.com
Mon Jul 3 05:03:49 PDT 2017


On Mon, Jul 03, 2017 at 01:07:44PM +0300, Sagi Grimberg wrote:
> Hi Ming,
> 
> > Yeah, the above change is correct, for any canceling requests in this
> > way we should use blk_mq_quiesce_queue().
> 
> I still don't understand why blk_mq_flush_busy_ctxs should hit a NULL
> deref if we don't touch the tagset...

It looks like no one has mentioned the steps for reproduction, so it isn't easy
to understand the related use case. Could anyone share the steps for
reproduction?

> 
> Also, I'm wondering in what case we shouldn't use
> blk_mq_quiesce_queue()? Maybe we should unexport blk_mq_stop_hw_queues()
> and blk_mq_start_stopped_hw_queues() and use the quiesce/unquiesce
> equivalent always?

There is at least one case in which we have to use stop queues:

	- when QUEUE_BUSY (now it has become BLK_STS_RESOURCE) happens, some drivers
	need to stop queues to avoid hurting the CPU, such as virtio-blk, ...

> 
> The only fishy usage is in nvme_fc_start_fcp_op(), where if submission
> failed the code stops the hw queues and delays it, but I think it should
> be handled differently..

It looks like the old way of scsi-mq, but scsi has removed that way and
avoids stopping the queue.


Thanks,
Ming
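The distinction the thread turns on is that stopping a hardware queue only refuses new dispatches, while quiescing it also waits until every in-flight ->queue_rq() has returned, which is what makes it safe to cancel requests afterwards. The following user-space model, added here as an illustration and not code from Ming, Sagi or the Linux block layer, shows that difference with pthreads and C11 atomics. The names stop_hw_queue(), quiesce_queue(), queue_rq() and dispatch() are hypothetical stand-ins for the blk-mq functions, and the "wait for in_flight to drain" loop stands in for the RCU synchronization the real blk_mq_quiesce_queue() performs.

```c
/* Added user-space model of "stop" versus "quiesce" on a blk-mq hw queue.
 * Not kernel code: hypothetical names and a busy-wait in place of RCU. */
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

struct hw_queue {
    atomic_bool stopped;    /* models the BLK_MQ_S_STOPPED flag */
    atomic_int  in_flight;  /* dispatchers currently inside queue_rq() */
    atomic_bool release_rq; /* lets the modelled queue_rq() finish */
};

static void pause_briefly(void)
{
    struct timespec ts = { 0, 1000000 }; /* 1 ms */
    nanosleep(&ts, NULL);
}

static void queue_init(struct hw_queue *q)
{
    atomic_init(&q->stopped, false);
    atomic_init(&q->in_flight, 0);
    atomic_init(&q->release_rq, false);
}

/* Modelled driver ->queue_rq(): deliberately slow so it can be in flight. */
static void queue_rq(struct hw_queue *q)
{
    atomic_fetch_add(&q->in_flight, 1);
    while (!atomic_load(&q->release_rq))
        pause_briefly();
    atomic_fetch_sub(&q->in_flight, 1);
}

/* Dispatcher: refuses to enter queue_rq() once the queue is stopped. */
static bool dispatch(struct hw_queue *q)
{
    if (atomic_load(&q->stopped))
        return false;
    queue_rq(q);
    return true;
}

static void *dispatch_thread(void *arg)
{
    dispatch((struct hw_queue *)arg);
    return NULL;
}

/* stop: set the flag and return immediately; in-flight queue_rq() is untouched. */
static void stop_hw_queue(struct hw_queue *q)
{
    atomic_store(&q->stopped, true);
}

/* quiesce: stop AND wait until no queue_rq() is running (models synchronize_rcu()). */
static void quiesce_queue(struct hw_queue *q)
{
    atomic_store(&q->stopped, true);
    while (atomic_load(&q->in_flight) > 0)
        pause_briefly();
}

/* Start one dispatcher, wait until it is inside queue_rq(), then stop or
 * quiesce; return the in_flight count observed right after that call. */
static int run_scenario(bool use_quiesce)
{
    struct hw_queue q;
    pthread_t t;
    queue_init(&q);
    pthread_create(&t, NULL, dispatch_thread, &q);
    while (atomic_load(&q.in_flight) == 0)
        pause_briefly();                 /* dispatcher is now inside queue_rq() */
    if (use_quiesce) {
        atomic_store(&q.release_rq, true); /* otherwise the wait would never end */
        quiesce_queue(&q);
    } else {
        stop_hw_queue(&q);
    }
    int seen = atomic_load(&q.in_flight);
    atomic_store(&q.release_rq, true);
    pthread_join(t, NULL);
    return seen;
}

int in_flight_after_stop(void)    { return run_scenario(false); } /* 1: still running */
int in_flight_after_quiesce(void) { return run_scenario(true);  } /* 0: drained */

/* After a stop, a *new* dispatch is refused, even though an old one may still run. */
bool dispatch_allowed_after_stop(void)
{
    struct hw_queue q;
    queue_init(&q);
    stop_hw_queue(&q);
    return dispatch(&q);
}

int main(void)
{
    printf("in_flight after stop:    %d\n", in_flight_after_stop());
    printf("in_flight after quiesce: %d\n", in_flight_after_quiesce());
    printf("new dispatch after stop: %s\n", dispatch_allowed_after_stop() ? "yes" : "no");
    return 0;
}
```

Build with `cc -pthread model.c`. The stop scenario returns with a request still inside queue_rq(), which is exactly the window in which walking and cancelling the tagset races with the driver; the quiesce scenario returns only once that count is zero.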