From patchwork Wed Jan 5 14:36:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Kara X-Patchwork-Id: 530454 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D2A59C433F5 for ; Thu, 6 Jan 2022 15:46:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240723AbiAFPqE (ORCPT ); Thu, 6 Jan 2022 10:46:04 -0500 Received: from smtp-out1.suse.de ([195.135.220.28]:50290 "EHLO smtp-out1.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240596AbiAFPpq (ORCPT ); Thu, 6 Jan 2022 10:45:46 -0500 Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id A70272113A; Thu, 6 Jan 2022 15:45:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1641483945; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=pS/tDT0OL3AJ1Hj7o6QL2j+6i7j/yu+TDoB+Spendow=; b=ai6Mk7JwRL7ho88WGbBwr1HsZJ/48+CvQUy8fwM/6G3hwzzKGjV67/UErAES8OpQyZmj+o aISzg6eP+cdoNgvonsImGM9c37WvsKZ3GTzFj1q1FhCbt7+1CdlREOxFZRIZIkQyfeKX7z 63qUIGYyMDLJcnnVXCvqkm8J/uv21pU= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1641483945; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=pS/tDT0OL3AJ1Hj7o6QL2j+6i7j/yu+TDoB+Spendow=; b=304cqqKhQAjXqqqqsVSqLgTUJL0MYtGjAe9z5EPAAXWJ8+vNrdwzq2r04ayNUqach9Lm4d QkGqLBWJG/vTdlAg== Received: from quack3.suse.cz (unknown [10.163.43.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id 93D05A3B87; Thu, 6 Jan 2022 15:45:45 +0000 (UTC) Received: by localhost (Postfix, from userid 1000) id C6E80A07E1; Wed, 5 Jan 2022 15:36:39 +0100 (CET) From: Jan Kara To: Cc: Paolo Valente , Jens Axboe , "yukuai (C)" , Jan Kara , stable@vger.kernel.org Subject: [PATCH 1/5] bfq: Avoid false marking of bic as stably merged Date: Wed, 5 Jan 2022 15:36:32 +0100 Message-Id: <20220105143639.31266-1-jack@suse.cz> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220105143037.20542-1-jack@suse.cz> References: <20220105143037.20542-1-jack@suse.cz> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1119; h=from:subject; bh=5U8ovRbTkvkFai3dDsau8hR63c7msoBSWRjO0JL3zkc=; b=owEBbQGS/pANAwAIAZydqgc/ZEDZAcsmYgBh1azwD9DXHDYFgwsklw51KXLtvtKGVx/PMj1feWCk x+0rFemJATMEAAEIAB0WIQSrWdEr1p4yirVVKBycnaoHP2RA2QUCYdWs8AAKCRCcnaoHP2RA2VKTB/ 94dBTvwc+jnpzmyTh6pPFiOWodsqz0zcdocFPrZAvwjefVjK4nJEvP1tvHIoMfndNKEXvloXeXc493 6Nh24lxZzeQVHecyLHoOvY0gE2cWsWcHCIAulLtFL0Qy07x5bhdi8xQi13aRdHMSMhanO8SpEuRpus NyzdcxTxzwP43s+57SyYOP4jfjZUoewz8rb5SQODPQN2DXelGnk8bMDWvllJqY+vAbLVpcXyyNKFxb qY+10BRLmgh3H0a7sGmiGCzWCLovlfSc4gts67mLRTiH5jGef12VN5hTQpbklw5KIp5FxhAbEdPS+d Pa1DO4QTlZNtTM4xe4IndlUUjce7fH X-Developer-Key: i=jack@suse.cz; a=openpgp; fpr=93C6099A142276A28BBE35D815BC833443038D8C Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org bfq_setup_cooperator() can mark bic as stably merged even though it decides to not merge its bfqqs (when bfq_setup_merge() returns NULL). Make sure to mark bic as stably merged only if we are really going to merge bfqqs. CC: stable@vger.kernel.org Fixes: 430a67f9d616 ("block, bfq: merge bursts of newly-created queues") Signed-off-by: Jan Kara --- block/bfq-iosched.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index fec18118dc30..056399185c2f 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -2762,9 +2762,12 @@ bfq_setup_cooperator(struct bfq_data *bfqd, struct bfq_queue *bfqq, struct bfq_queue *new_bfqq = bfq_setup_merge(bfqq, stable_merge_bfqq); - bic->stably_merged = true; - if (new_bfqq && new_bfqq->bic) - new_bfqq->bic->stably_merged = true; + if (new_bfqq) { + bic->stably_merged = true; + if (new_bfqq->bic) + new_bfqq->bic->stably_merged = + true; + } return new_bfqq; } else return NULL; From patchwork Wed Jan 5 14:36:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Kara X-Patchwork-Id: 530679 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AA432C433EF for ; Thu, 6 Jan 2022 15:45:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240593AbiAFPpu (ORCPT ); Thu, 6 Jan 2022 10:45:50 -0500 Received: from smtp-out2.suse.de ([195.135.220.29]:47270 "EHLO smtp-out2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240624AbiAFPps (ORCPT ); Thu, 6 Jan 2022 10:45:48 -0500 Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out2.suse.de (Postfix) with ESMTP id B576F1F3A8; Thu, 6 Jan 2022 15:45:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1641483945; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=oeshiqmmWZD73GkSK4+N+GqKNPAYETIzxJpuE6/zef0=; b=1h9Gr/LPNxTD+nbAWYuY1xHYKDzUweSd9jyJXhTx6so4YECU59JdfAOX9xw2D8Na18Fy+N f623BXGHM9n6rI5gBrJ/LhA9ivaMTMh17IP2FGUWGXESyXbFhUsdjUxHaaRz1ifIxWlkgU I6rf71JyB6jyXrtXwV0iGvWk7TpUA8c= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1641483945; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=oeshiqmmWZD73GkSK4+N+GqKNPAYETIzxJpuE6/zef0=; b=/qSqzb2g3P3HU8QwdfzOf826zXr9IM9LXUpLnSrbBtUhHfdpmnzGH0F7TWHpywIVAPg+DI lvbQd6iwtBBf6ECQ== Received: from quack3.suse.cz (unknown [10.163.43.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id 9C81EA3B8A; Thu, 6 Jan 2022 15:45:45 +0000 (UTC) Received: by localhost (Postfix, from userid 1000) id CBFA9A083A; Wed, 5 Jan 2022 15:36:39 +0100 (CET) From: Jan Kara To: Cc: Paolo Valente , Jens Axboe , "yukuai (C)" , Jan Kara , stable@vger.kernel.org Subject: [PATCH 2/5] bfq: Avoid merging queues with different parents Date: Wed, 5 Jan 2022 15:36:33 +0100 Message-Id: <20220105143639.31266-2-jack@suse.cz> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220105143037.20542-1-jack@suse.cz> References: <20220105143037.20542-1-jack@suse.cz> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2888; h=from:subject; bh=Wo1FkmvrgLnsLoxUN8FFedXWnRxiaMVst9kwBuKTVTg=; b=owEBbQGS/pANAwAIAZydqgc/ZEDZAcsmYgBh1azxCr2kJ3pthS1i4guH+kNkcoxQDTHDYlhq+Qn6 JBmDeFCJATMEAAEIAB0WIQSrWdEr1p4yirVVKBycnaoHP2RA2QUCYdWs8QAKCRCcnaoHP2RA2UmGCA CUjIq/XvhxPKEvNHEmv77TbZdLW/4H+NWEz3Ul4Mi7OKUBmSPfDAqXnG2Ga4wD5aSR2LByk5n81ZSO ps9IHFU71GPaV98e2Z1uEKEUe41s3oHUwm/moq2UqWtUseNet57GFFx8gEBVlNrt6RccaAONRSe4HH uW0gjtuZ9Qbew3edY3/zoL274OD10Pm+XyG81JDL8SZqsIVWNfsGOCi40dIWp2ebFoKBdruT1t9ASv LT+wGMn1ELIAqd0jqvm8dV45UaE5mW2ekX9L18jHAQfm5WO9ksPJaPPzgwePgjG4iw/MOTcDfUAc9b Az/RmgNatgvvYCIlG7YZ3whYoZnI8k X-Developer-Key: i=jack@suse.cz; a=openpgp; fpr=93C6099A142276A28BBE35D815BC833443038D8C Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org It can happen that the parent of a bfqq changes between the moment we decide two queues are worth to merge (and set bic->stable_merge_bfqq) and the moment bfq_setup_merge() is called. This can happen e.g. because the process submitted IO for a different cgroup and thus bfqq got reparented. It can even happen that the bfqq we are merging with has parent cgroup that is already offline and going to be destroyed in which case the merge can lead to use-after-free issues such as: BUG: KASAN: use-after-free in __bfq_deactivate_entity+0x9cb/0xa50 Read of size 8 at addr ffff88800693c0c0 by task runc:[2:INIT]/10544 CPU: 0 PID: 10544 Comm: runc:[2:INIT] Tainted: G E 5.15.2-0.g5fb85fd-default #1 openSUSE Tumbleweed (unreleased) f1f3b891c72369aebecd2e43e4641a6358867c70 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a-rebuilt.opensuse.org 04/01/2014 Call Trace: dump_stack_lvl+0x46/0x5a print_address_description.constprop.0+0x1f/0x140 ? __bfq_deactivate_entity+0x9cb/0xa50 kasan_report.cold+0x7f/0x11b ? __bfq_deactivate_entity+0x9cb/0xa50 __bfq_deactivate_entity+0x9cb/0xa50 ? update_curr+0x32f/0x5d0 bfq_deactivate_entity+0xa0/0x1d0 bfq_del_bfqq_busy+0x28a/0x420 ? resched_curr+0x116/0x1d0 ? bfq_requeue_bfqq+0x70/0x70 ? check_preempt_wakeup+0x52b/0xbc0 __bfq_bfqq_expire+0x1a2/0x270 bfq_bfqq_expire+0xd16/0x2160 ? try_to_wake_up+0x4ee/0x1260 ? bfq_end_wr_async_queues+0xe0/0xe0 ? _raw_write_unlock_bh+0x60/0x60 ? _raw_spin_lock_irq+0x81/0xe0 bfq_idle_slice_timer+0x109/0x280 ? bfq_dispatch_request+0x4870/0x4870 __hrtimer_run_queues+0x37d/0x700 ? enqueue_hrtimer+0x1b0/0x1b0 ? kvm_clock_get_cycles+0xd/0x10 ? ktime_get_update_offsets_now+0x6f/0x280 hrtimer_interrupt+0x2c8/0x740 Fix the problem by checking that the parent of the two bfqqs we are merging in bfq_setup_merge() is the same. Link: https://lore.kernel.org/linux-block/20211125172809.GC19572@quack2.suse.cz/ CC: stable@vger.kernel.org Fixes: 430a67f9d616 ("block, bfq: merge bursts of newly-created queues") Signed-off-by: Jan Kara --- block/bfq-iosched.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index 056399185c2f..0da47f2ca781 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -2638,6 +2638,14 @@ bfq_setup_merge(struct bfq_queue *bfqq, struct bfq_queue *new_bfqq) if (process_refs == 0 || new_process_refs == 0) return NULL; + /* + * Make sure merged queues belong to the same parent. Parents could + * have changed since the time we decided the two queues are suitable + * for merging. + */ + if (new_bfqq->entity.parent != bfqq->entity.parent) + return NULL; + bfq_log_bfqq(bfqq->bfqd, bfqq, "scheduling merge with queue %d", new_bfqq->pid); From patchwork Wed Jan 5 14:36:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Kara X-Patchwork-Id: 530680 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E445EC433FE for ; Thu, 6 Jan 2022 15:45:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240619AbiAFPpq (ORCPT ); Thu, 6 Jan 2022 10:45:46 -0500 Received: from smtp-out1.suse.de ([195.135.220.28]:50266 "EHLO smtp-out1.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240583AbiAFPpq (ORCPT ); Thu, 6 Jan 2022 10:45:46 -0500 Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id 4757E210EC; Thu, 6 Jan 2022 15:45:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1641483945; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6qjJiNK0cWTOqoFS+WWMjdK5b55EjHrufpsxkVrl5B4=; b=VyZBEExWWmXVlghNv1UqlKzJwbjd9Z3vOoe5FCX8Pd1wXS2XcmDTjyPCzW4rKJLkSjklT/ 19jZpwcuOauRMXTHv70bq4BOKMathz0GKml5JC6bz6i9Hkax/JCvQQWqYM0eB5Ze4QKRmM +kJHu3qXbwVgb9NWgRXcm6bg8oO3OX4= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1641483945; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6qjJiNK0cWTOqoFS+WWMjdK5b55EjHrufpsxkVrl5B4=; b=DLLigEj3YRqwf1RZ13Xvh3cJBFgzuJHp1cPsG6H9K3TeDoGwtRlMBZAPspujbi9SMnlIzs saMaFWtThFLTbHAQ== Received: from quack3.suse.cz (unknown [10.163.43.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id 2A64AA3B85; Thu, 6 Jan 2022 15:45:44 +0000 (UTC) Received: by localhost (Postfix, from userid 1000) id D0A60A083C; Wed, 5 Jan 2022 15:36:39 +0100 (CET) From: Jan Kara To: Cc: Paolo Valente , Jens Axboe , "yukuai (C)" , Jan Kara , stable@vger.kernel.org Subject: [PATCH 3/5] bfq: Simplify bfq_put_cooperator() Date: Wed, 5 Jan 2022 15:36:34 +0100 Message-Id: <20220105143639.31266-3-jack@suse.cz> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220105143037.20542-1-jack@suse.cz> References: <20220105143037.20542-1-jack@suse.cz> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1653; h=from:subject; bh=6QtknRLV0Xa9cvkfRyUEwR+73nSDXeh5oZVQ4gxDteg=; b=owEBbQGS/pANAwAIAZydqgc/ZEDZAcsmYgBh1azyH+eh3DREjrGH+y2vmzAI/9yAj+JGWvNZoVum F8L48fmJATMEAAEIAB0WIQSrWdEr1p4yirVVKBycnaoHP2RA2QUCYdWs8gAKCRCcnaoHP2RA2TrjCA CYs+fmxlJqHNeBgiojpbv9dTIi6JFthdRl1W4lTIWes4bEiphRBSK+DgrEmfcDgLuYvGUM+2RbVp90 wsrNekQCGREEbgzu4ZjgfKuGrywEyO1VsBaVkiEXEiGlL29CrbzKWzz7WNHUDjL9QTjp44MsraThrY yDHjnpVdEog5N9twJofXRCl+fBA21i8YgAsFpzsvm2kzMOFVVUggOX3RU3axy3rVraJ0fa1UMYwY/N peVPp+gdBhdWLfeaOurfziKO/Q3Zu35nfcbRXLJf+p/+FbruFieLBprVRNV9sk66u5rS5sNKb3N31d PZgk7hX0RtfydLvh+l/+CoGBAcc9Xw X-Developer-Key: i=jack@suse.cz; a=openpgp; fpr=93C6099A142276A28BBE35D815BC833443038D8C Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org All calls to bfq_setup_merge() are followed by bfq_merge_bfqqs() so there should be no chance for chaining several queue merges. And if chained queue merges were possible, then bfq_put_cooperator() would drop cooperator references without clearing corresponding bfqq->new_bfqq pointers causing possible use-after-free issues. Fix these problems by making bfq_put_cooperator() drop only the immediate bfqq->new_bfqq reference. CC: stable@vger.kernel.org Fixes: 36eca8948323 ("block, bfq: add Early Queue Merge (EQM)") Signed-off-by: Jan Kara --- block/bfq-iosched.c | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index 0da47f2ca781..654191c6face 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -5184,22 +5184,16 @@ static void bfq_put_stable_ref(struct bfq_queue *bfqq) bfq_put_queue(bfqq); } + +/* + * If this queue was scheduled to merge with another queue, be + * sure to drop the reference taken on that queue. + */ static void bfq_put_cooperator(struct bfq_queue *bfqq) { - struct bfq_queue *__bfqq, *next; - - /* - * If this queue was scheduled to merge with another queue, be - * sure to drop the reference taken on that queue (and others in - * the merge chain). See bfq_setup_merge and bfq_merge_bfqqs. - */ - __bfqq = bfqq->new_bfqq; - while (__bfqq) { - if (__bfqq == bfqq) - break; - next = __bfqq->new_bfqq; - bfq_put_queue(__bfqq); - __bfqq = next; + if (bfqq->new_bfqq) { + bfq_put_queue(bfqq->new_bfqq); + bfqq->new_bfqq = NULL; } } From patchwork Wed Jan 5 14:36:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Kara X-Patchwork-Id: 530678 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 89F3AC4332F for ; Thu, 6 Jan 2022 15:46:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240737AbiAFPp5 (ORCPT ); Thu, 6 Jan 2022 10:45:57 -0500 Received: from smtp-out2.suse.de ([195.135.220.29]:47176 "EHLO smtp-out2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240585AbiAFPpq (ORCPT ); Thu, 6 Jan 2022 10:45:46 -0500 Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out2.suse.de (Postfix) with ESMTP id 46CDB1F39B; Thu, 6 Jan 2022 15:45:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1641483945; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=uH6rLm0uvdtCUs+5Hj4fNqeCcJ6uGEpoau8APl9ELjQ=; b=3TeVkJopoFu9yJLUeZy2ffsgUZp1dfofweUi4OTkDOEkdAHDtQ1lLOH0iKq46Fnqa4kzIu PbEX3HsoUBeniKgu9yWHckzge8iv/adfLYxYI4F5ppQvlE/MCSnc8MQocCSckir2GKB4MZ kv2MUv8oWcnhT+JADEtdbnp0ffZMuVc= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1641483945; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=uH6rLm0uvdtCUs+5Hj4fNqeCcJ6uGEpoau8APl9ELjQ=; b=EOPcjPEN/MirAIsj8vRnUOnZhy8MYcz199sfKPDjurQCzbpDKW+m3pApA7ZiG322nJCVnn zIwgWV1TZftVioDA== Received: from quack3.suse.cz (unknown [10.163.43.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id 270B3A3B84; Thu, 6 Jan 2022 15:45:44 +0000 (UTC) Received: by localhost (Postfix, from userid 1000) id D495BA0845; Wed, 5 Jan 2022 15:36:39 +0100 (CET) From: Jan Kara To: Cc: Paolo Valente , Jens Axboe , "yukuai (C)" , Jan Kara , stable@vger.kernel.org Subject: [PATCH 4/5] bfq: Split shared queues on move between cgroups Date: Wed, 5 Jan 2022 15:36:35 +0100 Message-Id: <20220105143639.31266-4-jack@suse.cz> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220105143037.20542-1-jack@suse.cz> References: <20220105143037.20542-1-jack@suse.cz> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1577; h=from:subject; bh=KDVBmw4QcP3RG5Cns2TtzfOpGdWxxpHSimIBb2OfTMA=; b=owEBbQGS/pANAwAIAZydqgc/ZEDZAcsmYgBh1azz4GQZ1mDoa1ToN0BKKpd5760WlukVhwGlI8La zvCOHxqJATMEAAEIAB0WIQSrWdEr1p4yirVVKBycnaoHP2RA2QUCYdWs8wAKCRCcnaoHP2RA2XkNB/ sHs9rnqYjK6S4mzAveq9dokCAW3IvCdySiHU1oobzP4qhIqUOorlOunDDa4N/KC4WbA9TuGXEFBXLY HyXU21Zi99rlBGpKuRQ2ZLjfgwmHnlqSzu47XY0vOo+dQbP7RGxMM8G3r9t2iMuxPj36kq68PjTSLu CXvZAL7f4oKWJmUDqCjRaqrTbMfQXcWNW6cT8Y+8k6gYLaEg5VAzU5cR98EuUw5VGjlFYoQLtfp2nv m+2Zt+QKYl1Nur4KrpF/FjwTSbCrlpXed/LVH5fuxlpGZX8MglymJPwAQn92+Ts7dq8aX5c4lRSWax hh6a7Pqums7nyFrlpI2xgSQ58Q+OpB X-Developer-Key: i=jack@suse.cz; a=openpgp; fpr=93C6099A142276A28BBE35D815BC833443038D8C Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org When bfqq is shared by multiple processes it can happen that one of the processes gets moved to a different cgroup (or just starts submitting IO for different cgroup). In case that happens we need to split the merged bfqq as otherwise we will have IO for multiple cgroups in one bfqq and we will just account IO time to wrong entities etc. Similarly if the bfqq is scheduled to merge with another bfqq but the merge didn't happen yet, cancel the merge as it need not be valid anymore. CC: stable@vger.kernel.org Fixes: e21b7a0b9887 ("block, bfq: add full hierarchical scheduling and cgroups support") Signed-off-by: Jan Kara --- block/bfq-cgroup.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/block/bfq-cgroup.c b/block/bfq-cgroup.c index 24a5c5329bcd..a78d86805bd5 100644 --- a/block/bfq-cgroup.c +++ b/block/bfq-cgroup.c @@ -730,8 +730,19 @@ static struct bfq_group *__bfq_bic_change_cgroup(struct bfq_data *bfqd, if (sync_bfqq) { entity = &sync_bfqq->entity; - if (entity->sched_data != &bfqg->sched_data) + if (entity->sched_data != &bfqg->sched_data) { + /* + * Moving bfqq that is shared with another process? + * Split the queues at the nearest occasion as the + * processes can be in different cgroups now. + */ + if (bfq_bfqq_coop(sync_bfqq)) { + bic->stably_merged = false; + bfq_mark_bfqq_split_coop(sync_bfqq); + } + WARN_ON_ONCE(sync_bfqq->new_bfqq); bfq_bfqq_move(bfqd, sync_bfqq, bfqg); + } } return bfqg; From patchwork Wed Jan 5 14:36:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Kara X-Patchwork-Id: 530455 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 03575C4321E for ; Thu, 6 Jan 2022 15:45:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240633AbiAFPps (ORCPT ); Thu, 6 Jan 2022 10:45:48 -0500 Received: from smtp-out1.suse.de ([195.135.220.28]:50276 "EHLO smtp-out1.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240584AbiAFPpq (ORCPT ); Thu, 6 Jan 2022 10:45:46 -0500 Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id 513652112A; Thu, 6 Jan 2022 15:45:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1641483945; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XI20t3x6VluxG/lEe3pVn9R5bOW+Q1xeNYKAadDibN0=; b=2aMcAwOjv3tN6KVz42xVTCTqcXhUCB3J2tn+LXeQeCMmTq8M2AeOl5ajzhLiA+zDsSkmHO 2DQm88d+Vfxfudju2pWYyEvkpTWhAVCj5xS9d8x62dyAA85LpcnMiAYZ4XHvHHCEylRfvU XGfTKecPhpYBiEaOd453ZvdlXEToxnU= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1641483945; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XI20t3x6VluxG/lEe3pVn9R5bOW+Q1xeNYKAadDibN0=; b=8YFk5AtUz/abnPVcy9O2O4XZwWFnUsqSJo3h0aTB3Hb9jh5AvnDwKicEDk1ie5hd49XaKo fpbPwZrItw+tpcBg== Received: from quack3.suse.cz (unknown [10.163.43.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id 4594EA3B89; Thu, 6 Jan 2022 15:45:45 +0000 (UTC) Received: by localhost (Postfix, from userid 1000) id D8BC4A084C; Wed, 5 Jan 2022 15:36:39 +0100 (CET) From: Jan Kara To: Cc: Paolo Valente , Jens Axboe , "yukuai (C)" , Jan Kara , stable@vger.kernel.org Subject: [PATCH 5/5] bfq: Update cgroup information before merging bio Date: Wed, 5 Jan 2022 15:36:36 +0100 Message-Id: <20220105143639.31266-5-jack@suse.cz> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220105143037.20542-1-jack@suse.cz> References: <20220105143037.20542-1-jack@suse.cz> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1410; h=from:subject; bh=C0+SJ39G5KroczINGXi/DmV/R4t2VczWioMIeh5rfLk=; b=owEBbQGS/pANAwAIAZydqgc/ZEDZAcsmYgBh1az0bT4FhjQ/C3K9EvbFmFE27QKGZ0RF44hR8KVz AKfB/uOJATMEAAEIAB0WIQSrWdEr1p4yirVVKBycnaoHP2RA2QUCYdWs9AAKCRCcnaoHP2RA2d3gCA CxEIICfQmj0qLCyG49URS9AtsNC7S/UKlG6HzbDjzE16TxVcY0OTuJXEnk7SPqykvMpZ/BkwIjrECJ GaIGUeUruWbMRUfKhiqc3+dyh5sMC8OSqMd9X35stuFg4AiKjWLYDV89dPuwexJP0/whI4/3H8uLD5 o7Z869Qtp8j2KcD7hAH0Bdr1yosJtd2iGosPpMWelDujKFe99LIJWEMPtjKYV/cC68wOjWctAftFIb yuaio53FKWNLXY6BX4oMduVH2PtC9e95UjQczrtyTu6CB0JNuYkEqtV7Hd5Y+ShYJVtTzj3jcqaFH3 MVuRAAMqy7Q4cwDAcXvjbFfhS6alNG X-Developer-Key: i=jack@suse.cz; a=openpgp; fpr=93C6099A142276A28BBE35D815BC833443038D8C Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org When the process is migrated to a different cgroup (or in case of writeback just starts submitting bios associated with a different cgroup) bfq_merge_bio() can operate with stale cgroup information in bic. Thus the bio can be merged to a request from a different cgroup or it can result in merging of bfqqs for different cgroups or bfqqs of already dead cgroups and causing possible use-after-free issues. Fix the problem by updating cgroup information in bfq_merge_bio(). CC: stable@vger.kernel.org Fixes: e21b7a0b9887 ("block, bfq: add full hierarchical scheduling and cgroups support") Signed-off-by: Jan Kara --- block/bfq-iosched.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index 654191c6face..f77f79d1d04c 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -2337,10 +2337,17 @@ static bool bfq_bio_merge(struct request_queue *q, struct bio *bio, spin_lock_irq(&bfqd->lock); - if (bic) + if (bic) { + /* + * Make sure cgroup info is uptodate for current process before + * considering the merge. + */ + bfq_bic_update_cgroup(bic, bio); + bfqd->bio_bfqq = bic_to_bfqq(bic, op_is_sync(bio->bi_opf)); - else + } else { bfqd->bio_bfqq = NULL; + } bfqd->bio_bic = bic; ret = blk_mq_sched_try_merge(q, bio, nr_segs, &free);