kobject lifetime problem in blk-mq
Issue description
The upstream kernel has a refcount problem in blk-mq. Kernels built with the following configuration options enabled will crash early during boot when loading the image in qemu.
CONFIG_VIRTIO_BLK=y
CONFIG_SCSI_MQ_DEFAULT=y
CONFIG_SCSI_LOWLEVEL=y
CONFIG_SCSI_VIRTIO=y
CONFIG_VIRTIO_PCI=y
CONFIG_VIRTIO_MMIO=y
CONFIG_DEBUG_OBJECTS=y
CONFIG_DEBUG_OBJECTS_FREE=y
CONFIG_DEBUG_OBJECTS_TIMERS=y
CONFIG_DEBUG_KOBJECT=y
CONFIG_DEBUG_KOBJECT_RELEASE=y
Qemu command line:
qemu-system-x86_64 \
-kernel arch/x86/boot/bzImage \
-device virtio-scsi-pci,id=scsi \
-device scsi-hd,bus=scsi.0,drive=d0 \
-drive file=./wheezy.img,format=raw,if=none,id=d0 \
-snapshot \
-m 2G -smp 4 -enable-kvm \
-net user,host=10.0.2.10,hostfwd=tcp::10022-:22 -net nic \
-nographic -monitor none \
-no-reboot \
-append "console=ttyS0 root=/dev/sda earlyprintk=serial panic_on_warn=1 panic=-1"
It is unknown if the problem is only seen with virtio-scsi-pci or if it is more generic.
Nov 9
Upstream report: https://lore.kernel.org/lkml/20181109203518.GA7130@roeck-us.net/
Nov 10
Nov 21
Nov 24
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/dc93096cc260e135d04ecba51e14b0ef2a9e74c4

commit dc93096cc260e135d04ecba51e14b0ef2a9e74c4
Author: Ming Lei <ming.lei@redhat.com>
Date: Sat Nov 24 00:49:48 2018

BACKPORT: FROMLIST: blk-mq: not embed .mq_kobj and ctx->kobj into queue instance

Even though .mq_kobj, ctx->kobj and q->kobj share same lifetime from block layer's view, actually they don't because userspace may grab one kobject anytime via sysfs.

This patch fixes the issue by the following approach:

1) introduce 'struct blk_mq_ctxs' for holding .mq_kobj and managing all ctxs
2) free all allocated ctxs and the 'blk_mq_ctxs' instance in release handler of .mq_kobj
3) grab one ref of .mq_kobj before initializing each ctx->kobj, so that .mq_kobj is always released after all ctxs are freed.

This patch fixes kernel panic issue during booting when DEBUG_KOBJECT_RELEASE is enabled.

BUG=b/112159884, chromium:903861
TEST=Boot from SCSI disk with CONFIG_DEBUG_KOBJECT_RELEASE=y

Change-Id: I7916db6128ad23ef66293a7aad7d4e3452c6a8e1
Reported-by: Guenter Roeck <linux@roeck-us.net>
Cc: "jianchao.wang" <jianchao.w.wang@oracle.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: stable@vger.kernel.org
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(am from https://patchwork.kernel.org/patch/10689755/)
[backport: context conflicts in blk-mq.h]
Signed-off-by: Guenter Roeck <groeck@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1344409
Reviewed-by: Zubin Mithra <zsm@chromium.org>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>

[modify] https://crrev.com/dc93096cc260e135d04ecba51e14b0ef2a9e74c4/include/linux/blkdev.h
[modify] https://crrev.com/dc93096cc260e135d04ecba51e14b0ef2a9e74c4/block/blk-mq.c
[modify] https://crrev.com/dc93096cc260e135d04ecba51e14b0ef2a9e74c4/block/blk-mq-sysfs.c
[modify] https://crrev.com/dc93096cc260e135d04ecba51e14b0ef2a9e74c4/block/blk-mq.h
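The three steps the commit lists, as an added userspace C model that is not the kernel's code or the patch itself: kref/kobject are reduced to a counter plus a release callback, and the scenario function, the ctx count and the "sysfs holder" are constructed for illustration. It shows why the ctxs can only be freed once the last holder of a ctx kobject drops it, however long after the block layer tore the queue down.

```c
#include <stdlib.h>
/* Minimal stand-in for the kernel's kref/kobject: a count plus a release callback. */
struct kref { int count; void (*release)(struct kref *); };
static void kref_init(struct kref *k, void (*rel)(struct kref *)) { k->count = 1; k->release = rel; }
static void kref_get(struct kref *k) { k->count++; }
static void kref_put(struct kref *k) { if (--k->count == 0) k->release(k); }
struct blk_mq_ctx { struct kref kobj; struct blk_mq_ctxs *ctxs; };
/* Step 1 of the patch: a separately allocated holder for .mq_kobj and all ctxs. */
struct blk_mq_ctxs { struct kref mq_kobj; struct blk_mq_ctx **queue_ctx; int nr; };
static int ctxs_freed; /* incremented when the blk_mq_ctxs release handler runs */
/* Step 2: the release handler of .mq_kobj frees every ctx and the holder itself. */
static void blk_mq_ctxs_release(struct kref *k)
{
	struct blk_mq_ctxs *c = (struct blk_mq_ctxs *)k; /* mq_kobj is the first member */
	for (int i = 0; i < c->nr; i++)
		free(c->queue_ctx[i]);
	free(c->queue_ctx); free(c); ctxs_freed++;
}
/* A ctx kobject's release only drops the ref it holds on .mq_kobj (which may free ctx). */
static void blk_mq_ctx_release(struct kref *k)
{
	kref_put(&((struct blk_mq_ctx *)k)->ctxs->mq_kobj);
}
static struct blk_mq_ctxs *blk_mq_alloc_ctxs(int nr)
{
	struct blk_mq_ctxs *c = calloc(1, sizeof *c);
	c->nr = nr; c->queue_ctx = calloc(nr, sizeof *c->queue_ctx);
	kref_init(&c->mq_kobj, blk_mq_ctxs_release);
	for (int i = 0; i < nr; i++) {
		struct blk_mq_ctx *ctx = c->queue_ctx[i] = calloc(1, sizeof(struct blk_mq_ctx));
		ctx->ctxs = c;
		kref_get(&c->mq_kobj); /* step 3: take the ref before initializing ctx->kobj */
		kref_init(&ctx->kobj, blk_mq_ctx_release);
	}
	return c;
}
/* Constructed scenario: sysfs still holds ctx 2 while the block layer tears the queue
 * down. Returns 1 if the ctxs outlived teardown and were freed only on the last put. */
static int scenario_late_sysfs_ref(void)
{
	struct blk_mq_ctxs *c = blk_mq_alloc_ctxs(4); ctxs_freed = 0;
	struct blk_mq_ctx *held = c->queue_ctx[2];
	kref_get(&held->kobj);                  /* userspace opened a sysfs attribute */
	for (int i = 0; i < c->nr; i++)         /* block layer drops its ctx refs... */
		kref_put(&c->queue_ctx[i]->kobj);
	kref_put(&c->mq_kobj);                  /* ...and its own ref on .mq_kobj */
	int alive_after_teardown = (ctxs_freed == 0);
	kref_put(&held->kobj);                  /* userspace closes the file */
	return alive_after_teardown && ctxs_freed == 1;
}
```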
Nov 24
should have been crbug.com/90386
Comment 1 by groeck@chromium.org, Nov 9
Labels: Kernel-4.14 Kernel-4.19
Owner: groeck@chromium.org
Status: Assigned (was: Untriaged)