Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cd4a4ae4 authored Jun 02, 2018 by Jens Axboe

block: don't use blocking queue entered for recursive bio submits



If we end up splitting a bio and the queue goes away between
the initial submission and the later split submission, then we
can block forever in blk_queue_enter() waiting for the reference
to drop to zero. This will never happen, since we already hold
a reference.

Mark a split bio as already having entered the queue, so we can
just use the live non-blocking queue enter variant.

Thanks to Tetsuo Handa for the analysis.

Reported-by:  <syzbot+c4f9cebf9d651f6e54de@syzkaller.appspotmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

parent d00a11df

block/blk-core.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -2377,7 +2377,9 @@ blk_qc_t generic_make_request(struct bio *bio)

		if (bio->bi_opf & REQ_NOWAIT)
		flags = BLK_MQ_REQ_NOWAIT;
		if (blk_queue_enter(q, flags) < 0) {
		if (bio_flagged(bio, BIO_QUEUE_ENTERED))
		blk_queue_enter_live(q);
		else if (blk_queue_enter(q, flags) < 0) {
		if (!blk_queue_dying(q) && (bio->bi_opf & REQ_NOWAIT))
		bio_wouldblock_error(bio);
		else

block/blk-merge.c

+10 −0

Original line number	Diff line number	Diff line
		@@ -210,6 +210,16 @@ void blk_queue_split(struct request_queue q, struct bio *bio)
		/* there isn't chance to merge the splitted bio */
		split->bi_opf \|= REQ_NOMERGE;

		/*
		* Since we're recursing into make_request here, ensure
		* that we mark this bio as already having entered the queue.
		* If not, and the queue is going away, we can get stuck
		* forever on waiting for the queue reference to drop. But
		* that will never happen, as we're already holding a
		* reference to it.
		*/
		bio_set_flag(*bio, BIO_QUEUE_ENTERED);

		bio_chain(split, *bio);
		trace_block_split(q, split, (*bio)->bi_iter.bi_sector);
		generic_make_request(*bio);

include/linux/blk_types.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -229,6 +229,8 @@ struct bio {
		* throttling rules. Don't do it again. */
		#define BIO_TRACE_COMPLETION 10 /* bio_endio() should trace the final completion
		* of this bio. */
		#define BIO_QUEUE_ENTERED 11 /* can use blk_queue_enter_live() */

		/* See BVEC_POOL_OFFSET below before adding new flags */

		/*