From patchwork Wed Mar 30 12:42:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Kara X-Patchwork-Id: 555270 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1CCAAC433F5 for ; Wed, 30 Mar 2022 12:45:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345385AbiC3MrC (ORCPT ); Wed, 30 Mar 2022 08:47:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34384 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345327AbiC3Mqk (ORCPT ); Wed, 30 Mar 2022 08:46:40 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 97E347DE17; Wed, 30 Mar 2022 05:43:02 -0700 (PDT) Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out2.suse.de (Postfix) with ESMTP id 2E0AC1F38C; Wed, 30 Mar 2022 12:43:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1648644181; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vLbXYHxIS9+MRxNXnLg56MB0MlJ/8dPXaZ7nAX5+HvE=; b=nSRGpGh1Os+Uv34BDMGUSUMsLXwq1Pw83aaeCbaEljTIqam6Na/4GzPRMsLoeeR+1v9M1L Qcf4ncfsayrcRoymZafGv6xOEE6LXbQnO04K3zZIFXEVALQDnsJ4sXxQGuzIuGz2M2xBEG i46MiTQF3TIpcTNGr7OV23sd9p4X3QM= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1648644181; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vLbXYHxIS9+MRxNXnLg56MB0MlJ/8dPXaZ7nAX5+HvE=; b=oIMjBwwUpMJ8Zv5bH2C0iC7zL6t72WRs7o/fyyiTtgBwah44F2mcA7gINHIm0Lc70vX6yI emK3fAp5fbbI00AQ== Received: from quack3.suse.cz (unknown [10.163.28.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id 1EA50A3B96; Wed, 30 Mar 2022 12:43:01 +0000 (UTC) Received: by quack3.suse.cz (Postfix, from userid 1000) id 678C7A0615; Wed, 30 Mar 2022 14:42:56 +0200 (CEST) From: Jan Kara To: Cc: Paolo Valente , Jens Axboe , "yukuai (C)" , Jan Kara , stable@vger.kernel.org Subject: [PATCH 1/9] bfq: Avoid false marking of bic as stably merged Date: Wed, 30 Mar 2022 14:42:44 +0200 Message-Id: <20220330124255.24581-1-jack@suse.cz> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220330123438.32719-1-jack@suse.cz> References: <20220330123438.32719-1-jack@suse.cz> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1119; h=from:subject; bh=y0+aE+PP4MGA/7TmenAivQcOtrdcGD/YLmt5dn84/Js=; b=owEBbQGS/pANAwAIAZydqgc/ZEDZAcsmYgBiRFBEyII0Q8DmSosqFkx2FseuyFwd22h1KoedIzeV 4ygRUqeJATMEAAEIAB0WIQSrWdEr1p4yirVVKBycnaoHP2RA2QUCYkRQRAAKCRCcnaoHP2RA2ZLuB/ 9/QQIouvPceN+2Ild6FwsBmpqRWWRfqZzTqWf8oJ5KFzDIMTewhGgS/gOv6MF/9tAWcQftGQl+Z9lV frfC9y6NZAocBTs8CpFS28y0O39kJDSuo0qwy9Ohycfzo4MkNu8Aoz1j6Ksz8FQdQgko2cgk8ybeMf Rgx9mQbpFyKHxWQEgezllQ7kpJUded8PkHXJoJ34OR9HuwvmAu4yv6UKEKNulUIWTvgw2ubeqCvpKu 827U0ZeVZoPUW8lWnJnI6ZGFnJ0lL/EM6FbAYL0OZWViiYTwUpeN3BVVWOyIQfMVxLCuqwZR2wJE/k B59ZWSn4u8J+xyM3QHHcGn4Ixz6D5g X-Developer-Key: i=jack@suse.cz; a=openpgp; fpr=93C6099A142276A28BBE35D815BC833443038D8C Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org bfq_setup_cooperator() can mark bic as stably merged even though it decides to not merge its bfqqs (when bfq_setup_merge() returns NULL). Make sure to mark bic as stably merged only if we are really going to merge bfqqs. CC: stable@vger.kernel.org Fixes: 430a67f9d616 ("block, bfq: merge bursts of newly-created queues") Signed-off-by: Jan Kara --- block/bfq-iosched.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index 2e0dd68a3cbe..6d122c28086e 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -2895,9 +2895,12 @@ bfq_setup_cooperator(struct bfq_data *bfqd, struct bfq_queue *bfqq, struct bfq_queue *new_bfqq = bfq_setup_merge(bfqq, stable_merge_bfqq); - bic->stably_merged = true; - if (new_bfqq && new_bfqq->bic) - new_bfqq->bic->stably_merged = true; + if (new_bfqq) { + bic->stably_merged = true; + if (new_bfqq->bic) + new_bfqq->bic->stably_merged = + true; + } return new_bfqq; } else return NULL; From patchwork Wed Mar 30 12:42:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Kara X-Patchwork-Id: 555268 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 00CA6C433FE for ; Wed, 30 Mar 2022 12:47:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344024AbiC3MtN (ORCPT ); Wed, 30 Mar 2022 08:49:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34400 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345436AbiC3Mqy (ORCPT ); Wed, 30 Mar 2022 08:46:54 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 980B77DE18; Wed, 30 Mar 2022 05:43:02 -0700 (PDT) Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out2.suse.de (Postfix) with ESMTP id 32D311F7AD; Wed, 30 Mar 2022 12:43:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1648644181; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=t33HL+ZUEFlbU34WO0KCc7WMDxCOogLnEO2lgYt7GyI=; b=tPra7vJ/PLkZjLoyJyJtYoj60GHLORHRUm26M/lmRqA7bZunT1JZDwpKQfeAz+pBHyRfwM TysElPdleLJn+lH0oQcRnEpnasA4mH5PxFj/ecNnbdu86K3OGzqFeeXAmGoFe2ZABANdvq CqQO/U3cQBP5FYGShhkrHj7GpWKUtME= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1648644181; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=t33HL+ZUEFlbU34WO0KCc7WMDxCOogLnEO2lgYt7GyI=; b=nOd1pPT6XfPDMMyWbG1wD1lHIGcuMJEOipfq0GGkICTFCaMTzS2NEw1ZgHHTzRxNGxHpTe CLOqcoEqNYhf/hAw== Received: from quack3.suse.cz (unknown [10.163.28.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id 19C7FA3B87; Wed, 30 Mar 2022 12:43:01 +0000 (UTC) Received: by quack3.suse.cz (Postfix, from userid 1000) id 6D76CA0618; Wed, 30 Mar 2022 14:42:56 +0200 (CEST) From: Jan Kara To: Cc: Paolo Valente , Jens Axboe , "yukuai (C)" , Jan Kara , stable@vger.kernel.org Subject: [PATCH 2/9] bfq: Avoid merging queues with different parents Date: Wed, 30 Mar 2022 14:42:45 +0200 Message-Id: <20220330124255.24581-2-jack@suse.cz> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220330123438.32719-1-jack@suse.cz> References: <20220330123438.32719-1-jack@suse.cz> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2888; h=from:subject; bh=YqBlQaGG2lClN376Ajy30o6ZjdZ8iHsmFLLyoJCVJMo=; b=owEBbQGS/pANAwAIAZydqgc/ZEDZAcsmYgBiRFBFfmNBeD3h5JnQFvzsn+bZ+enOfvA9fnQFJLLh 6qs1mlWJATMEAAEIAB0WIQSrWdEr1p4yirVVKBycnaoHP2RA2QUCYkRQRQAKCRCcnaoHP2RA2SNqCA DLTF+x5XZWnpGNEd85aBZ7N00LIP8HRX74AP2CYrngUXsmkSErYh/j8UOjn9V0jivuHPQDSyt7/pvg 1JxCle30Fy0AGnFU28aadcquqQ8ZiEUoKN/uBLuVvsV9WDM6toKq83EEWr7cc7BVGPxb757Z7j4JVb DK2T1WktV+wMN46dg9g7f+7u+oipSegsHp3FzGErkc11KgXB4wRNopS2gzs7i4HGmKdLsk8EOat0qv FBBRHjA1SuUGeV2XcAPXI5i/fy7NiS/+FDB1UjIneZ908+cAetJKk2Nf7n9oKsh66f+YOyHybrbRBg lV+6MCfLXQ4ariBmU7NfJqaBSo0Kxx X-Developer-Key: i=jack@suse.cz; a=openpgp; fpr=93C6099A142276A28BBE35D815BC833443038D8C Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org It can happen that the parent of a bfqq changes between the moment we decide two queues are worth to merge (and set bic->stable_merge_bfqq) and the moment bfq_setup_merge() is called. This can happen e.g. because the process submitted IO for a different cgroup and thus bfqq got reparented. It can even happen that the bfqq we are merging with has parent cgroup that is already offline and going to be destroyed in which case the merge can lead to use-after-free issues such as: BUG: KASAN: use-after-free in __bfq_deactivate_entity+0x9cb/0xa50 Read of size 8 at addr ffff88800693c0c0 by task runc:[2:INIT]/10544 CPU: 0 PID: 10544 Comm: runc:[2:INIT] Tainted: G E 5.15.2-0.g5fb85fd-default #1 openSUSE Tumbleweed (unreleased) f1f3b891c72369aebecd2e43e4641a6358867c70 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a-rebuilt.opensuse.org 04/01/2014 Call Trace: dump_stack_lvl+0x46/0x5a print_address_description.constprop.0+0x1f/0x140 ? __bfq_deactivate_entity+0x9cb/0xa50 kasan_report.cold+0x7f/0x11b ? __bfq_deactivate_entity+0x9cb/0xa50 __bfq_deactivate_entity+0x9cb/0xa50 ? update_curr+0x32f/0x5d0 bfq_deactivate_entity+0xa0/0x1d0 bfq_del_bfqq_busy+0x28a/0x420 ? resched_curr+0x116/0x1d0 ? bfq_requeue_bfqq+0x70/0x70 ? check_preempt_wakeup+0x52b/0xbc0 __bfq_bfqq_expire+0x1a2/0x270 bfq_bfqq_expire+0xd16/0x2160 ? try_to_wake_up+0x4ee/0x1260 ? bfq_end_wr_async_queues+0xe0/0xe0 ? _raw_write_unlock_bh+0x60/0x60 ? _raw_spin_lock_irq+0x81/0xe0 bfq_idle_slice_timer+0x109/0x280 ? bfq_dispatch_request+0x4870/0x4870 __hrtimer_run_queues+0x37d/0x700 ? enqueue_hrtimer+0x1b0/0x1b0 ? kvm_clock_get_cycles+0xd/0x10 ? ktime_get_update_offsets_now+0x6f/0x280 hrtimer_interrupt+0x2c8/0x740 Fix the problem by checking that the parent of the two bfqqs we are merging in bfq_setup_merge() is the same. Link: https://lore.kernel.org/linux-block/20211125172809.GC19572@quack2.suse.cz/ CC: stable@vger.kernel.org Fixes: 430a67f9d616 ("block, bfq: merge bursts of newly-created queues") Signed-off-by: Jan Kara --- block/bfq-iosched.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index 6d122c28086e..7d00b21ebe5d 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -2758,6 +2758,14 @@ bfq_setup_merge(struct bfq_queue *bfqq, struct bfq_queue *new_bfqq) if (process_refs == 0 || new_process_refs == 0) return NULL; + /* + * Make sure merged queues belong to the same parent. Parents could + * have changed since the time we decided the two queues are suitable + * for merging. + */ + if (new_bfqq->entity.parent != bfqq->entity.parent) + return NULL; + bfq_log_bfqq(bfqq->bfqd, bfqq, "scheduling merge with queue %d", new_bfqq->pid); From patchwork Wed Mar 30 12:42:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Kara X-Patchwork-Id: 555269 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 51665C4332F for ; Wed, 30 Mar 2022 12:45:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345620AbiC3MrG (ORCPT ); Wed, 30 Mar 2022 08:47:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46642 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345236AbiC3Mqy (ORCPT ); Wed, 30 Mar 2022 08:46:54 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 97D5B7DE16; Wed, 30 Mar 2022 05:43:02 -0700 (PDT) Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out2.suse.de (Postfix) with ESMTP id 2E0C81F7AB; Wed, 30 Mar 2022 12:43:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1648644181; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=RQpb3DlBpC+xUzJx/SvzpuHxoRpxIiDopbRVeNdSa9A=; b=yR5UWcrbn14XpWeWjX5H6HlNocJ16DztxIg7aPmwVLIq4VH4hY5gO9mr+pDHF0/5LMEHRL cVpcZ+6oRrfvj1fDHaousDrG2RYQApIkSIuzKkXefILHzX3xAn/teQuVYj/+j7J5YBcPzj +0qsftB9lTnGKin+iMojNJI6W5sXIM8= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1648644181; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=RQpb3DlBpC+xUzJx/SvzpuHxoRpxIiDopbRVeNdSa9A=; b=u6cKgGrGYXHqcfeLJb6mXH76Bf9vSh3/Z8nXsWCZIL3zBbP7NxAp/j/jUOehB6ZQ/Fe0hL Ak22qhc53arabJBA== Received: from quack3.suse.cz (unknown [10.163.28.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id 19BA9A3B83; Wed, 30 Mar 2022 12:43:01 +0000 (UTC) Received: by quack3.suse.cz (Postfix, from userid 1000) id 78D4CA061A; Wed, 30 Mar 2022 14:42:56 +0200 (CEST) From: Jan Kara To: Cc: Paolo Valente , Jens Axboe , "yukuai (C)" , Jan Kara , stable@vger.kernel.org Subject: [PATCH 4/9] bfq: Update cgroup information before merging bio Date: Wed, 30 Mar 2022 14:42:47 +0200 Message-Id: <20220330124255.24581-4-jack@suse.cz> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220330123438.32719-1-jack@suse.cz> References: <20220330123438.32719-1-jack@suse.cz> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1409; h=from:subject; bh=vBnlnDsUwY71kZB9dCskeOZQL4WP3DTzp9qFZwDR62M=; b=owEBbQGS/pANAwAIAZydqgc/ZEDZAcsmYgBiRFBH7s2MVgHfYyX7/j3Uz+L7Pwc2kwt7cjXogDoj nSmTnGWJATMEAAEIAB0WIQSrWdEr1p4yirVVKBycnaoHP2RA2QUCYkRQRwAKCRCcnaoHP2RA2RSSB/ 0WB0b7X01Qo+1rx9nKW/zefbr92awfYlpwrSL8lo6045feevYqyavolAM8ZOa9k3I7GtKLYVHzYigp fYZuQrmyUn3ur6/sz58I126oHSGGjaAv902P4tt2JiDr7PN205xZ2AwEIebyJi9Q4gGoxJ+cE74ZcY PvqEBu5aNbHwug8UQxlxV4ZZnmvxOpdt0/3yJohDd7Jldyy4ze5rsj3mi5AvHllz9mWIsxw+cSwr/q joayjRM0nZU0KdoKgE4RU5qdIx3ZO82m6yWi7eZZxumNosImKmgoNv0ZsnFob9JRrSMlGB0hrui5uK FbalNNj69MP8f48mePNHAPO0NsLydj X-Developer-Key: i=jack@suse.cz; a=openpgp; fpr=93C6099A142276A28BBE35D815BC833443038D8C Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org When the process is migrated to a different cgroup (or in case of writeback just starts submitting bios associated with a different cgroup) bfq_merge_bio() can operate with stale cgroup information in bic. Thus the bio can be merged to a request from a different cgroup or it can result in merging of bfqqs for different cgroups or bfqqs of already dead cgroups and causing possible use-after-free issues. Fix the problem by updating cgroup information in bfq_merge_bio(). CC: stable@vger.kernel.org Fixes: e21b7a0b9887 ("block, bfq: add full hierarchical scheduling and cgroups support") Signed-off-by: Jan Kara --- block/bfq-iosched.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index 89fe3f85eb3c..1fc4d4628fba 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -2457,10 +2457,17 @@ static bool bfq_bio_merge(struct request_queue *q, struct bio *bio, spin_lock_irq(&bfqd->lock); - if (bic) + if (bic) { + /* + * Make sure cgroup info is uptodate for current process before + * considering the merge. + */ + bfq_bic_update_cgroup(bic, bio); + bfqd->bio_bfqq = bic_to_bfqq(bic, op_is_sync(bio->bi_opf)); - else + } else { bfqd->bio_bfqq = NULL; + } bfqd->bio_bic = bic; ret = blk_mq_sched_try_merge(q, bio, nr_segs, &free);