Re: [RFC PATCH v3 2/3] blk-mq: Freeze and quiesce all queues for tagset in elevator_exit()

[John Garry]

On 16/03/2021 19:59, Bart Van Assche wrote:
> On 3/16/21 10:43 AM, John Garry wrote:
> > On 16/03/2021 17:00, Bart Van Assche wrote:
> > > I agree that Jens asked at the end of 2018 not to touch the fast path
> > > to fix this use-after-free (maybe that request has been repeated more
> > > recently). If Jens or anyone else feels strongly about not clearing
> > > hctx->tags->rqs[rq->tag] from the fast path then I will make that change.

Hi Bart,

> > Is that possible for this same approach? I need to check the code more..
> If the fast path should not be modified, I'm considering to borrow patch
> 1/3 from your patch series

Fine

> and to add an rcu_barrier() between the code
> that clears the request pointers and that frees the scheduler requests.
>
> > And don't we still have the problem that some iter callbacks may
> > sleep/block, which is not allowed in an RCU read-side critical section?
> Thanks for having brought this up. Since none of the functions that
> iterate over requests should be called from the hot path of a block
> driver, I think that we can use srcu_read_(un|)lock() inside bt_iter()
> and bt_tags_iter() instead of rcu_read_(un|)lock().

OK, but TBH, I am not so familiar with srcu - where you going to try this?

Thanks,
John