This is a note to let you know that I've just added the patch titled
blk-mq: Fix a race between bt_clear_tag() and bt_get()
to the 3.18-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
blk-mq-fix-a-race-between-bt_clear_tag-and-bt_get.patch
and it can be found in the queue-3.18 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From c38d185d4af12e8be63ca4b6745d99449c450f12 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <[email protected]>
Date: Tue, 9 Dec 2014 16:58:35 +0100
Subject: blk-mq: Fix a race between bt_clear_tag() and bt_get()
From: Bart Van Assche <[email protected]>
commit c38d185d4af12e8be63ca4b6745d99449c450f12 upstream.
What we need is the following two guarantees:
* Any thread that observes the effect of the test_and_set_bit() by
__bt_get_word() also observes the preceding addition of 'current'
to the appropriate wait list. This is guaranteed by the semantics
of the spin_unlock() operation performed by prepare_and_wait().
Hence the conversion of test_and_set_bit_lock() into
test_and_set_bit().
* The wait lists are examined by bt_clear() after the tag bit has
been cleared. clear_bit_unlock() guarantees that any thread that
observes that the bit has been cleared also observes the store
operations preceding clear_bit_unlock(). However,
clear_bit_unlock() does not prevent that the wait lists are examined
before that the tag bit is cleared. Hence the addition of a memory
barrier between clear_bit() and the wait list examination.
Signed-off-by: Bart Van Assche <[email protected]>
Cc: Christoph Hellwig <[email protected]>
Cc: Robert Elliott <[email protected]>
Cc: Ming Lei <[email protected]>
Cc: Alexander Gordeev <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
block/blk-mq-tag.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
--- a/block/blk-mq-tag.c
+++ b/block/blk-mq-tag.c
@@ -158,7 +158,7 @@ restart:
return -1;
}
last_tag = tag + 1;
- } while (test_and_set_bit_lock(tag, &bm->word));
+ } while (test_and_set_bit(tag, &bm->word));
return tag;
}
@@ -342,11 +342,10 @@ static void bt_clear_tag(struct blk_mq_b
struct bt_wait_state *bs;
int wait_cnt;
- /*
- * The unlock memory barrier need to order access to req in free
- * path and clearing tag bit
- */
- clear_bit_unlock(TAG_TO_BIT(bt, tag), &bt->map[index].word);
+ clear_bit(TAG_TO_BIT(bt, tag), &bt->map[index].word);
+
+ /* Ensure that the wait list checks occur after clear_bit(). */
+ smp_mb();
bs = bt_wake_ptr(bt);
if (!bs)
Patches currently in stable-queue which might be from [email protected] are
queue-3.18/blk-mq-fix-a-use-after-free.patch
queue-3.18/blk-mq-avoid-that-__bt_get_word-wraps-multiple-times.patch
queue-3.18/blk-mq-fix-a-race-between-bt_clear_tag-and-bt_get.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
