ublk: set canceling flag even when disk is not allocated #896
Open
blktests-ci[bot] wants to merge 1 commit into
ublk_start_cancel() previously bailed out early when ublk_get_disk() returned NULL, treating it as "our disk has been dead". That is correct for the post-teardown case, but it also wrongly covers the pre-start case: ublk_ctrl_start_dev() has not assigned ub->ub_disk yet, while io_uring is already tearing down the daemon's uring_cmds via ublk_uring_cmd_cancel_fn().

In that window, the cancel path skips ublk_set_canceling(), so ubq->canceling stays false, even though ublk_cancel_cmd() goes on to NULL out every io->cmd.

ublk_ctrl_start_dev() then proceeds to set ub->ub_disk, call add_disk(), and schedule partition_scan_work. When ublk_partition_scan_work() runs bdev_disk_changed() and the resulting read reaches ublk_queue_rq() -> ublk_queue_cmd(), the ubq->canceling check passes and the code dereferences the NULL io->cmd:

  BUG: kernel NULL pointer dereference, address: 0000000000000018
  RIP: ublk_queue_cmd drivers/block/ublk_drv.c [inline]
  RIP: ublk_queue_rq+0x73/0x100
  Call Trace:
   blk_mq_dispatch_rq_list+0x1c5/0xca0
   ...
   bdev_disk_changed+0x3d4/0x5e0
   ublk_partition_scan_work+0x89/0xe0
   process_one_work+0x344/0x8a0

Fix it by always setting ub->canceling / ubq->canceling under cancel_mutex. When the disk is allocated, keep the existing quiesce/unquiesce dance so the flag is observed across the ublk_queue_rq() barrier. When the disk is not yet allocated, there is no request_queue and ublk_queue_rq() cannot be running concurrently, so simply flipping the flag is sufficient: any subsequent I/O - including the partition scan started by ublk_ctrl_start_dev() - will see canceling set and be aborted via __ublk_queue_rq_common().

Fixes: 7fc4da6 ("ublk: scan partition in async way")
Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Upstream branch: e8c2f9f
Pull request for series with
subject: ublk: set canceling flag even when disk is not allocated
version: 1
url: https://patchwork.kernel.org/project/linux-block/list/?series=1101695
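
The ordering described in the commit message, replayed as a small user-space C model. This is an added example, not code from the patch or from ublk_drv.c: struct ub_model, replay() and the enum names are hypothetical, and cancel_mutex and the quiesce step are left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model only; names mirror the commit message, not driver code. */
struct ub_model {
    bool disk_allocated;  /* stands in for ub->ub_disk != NULL */
    bool canceling;       /* stands in for ubq->canceling */
    void *cmd;            /* stands in for io->cmd */
};

enum rq_result { RQ_DISPATCHED, RQ_ABORTED, RQ_NULL_DEREF };
enum order { NO_CANCEL, CANCEL_BEFORE_START, CANCEL_AFTER_START };

/* Cancel path: the flag update, then the io->cmd clearing that always runs. */
static void cancel_cmds(struct ub_model *ub, bool fixed)
{
    if (fixed || ub->disk_allocated)  /* old code bailed out on a NULL disk */
        ub->canceling = true;
    ub->cmd = NULL;
}

/* Dispatch path: the canceling check guards the use of io->cmd. */
static enum rq_result queue_rq(const struct ub_model *ub)
{
    if (ub->canceling)
        return RQ_ABORTED;
    return ub->cmd ? RQ_DISPATCHED : RQ_NULL_DEREF;  /* an oops in the kernel */
}

/* Replay one ordering of cancel vs. start, then the partition-scan read. */
enum rq_result replay(bool fixed, enum order o)
{
    static int fetched_cmd;  /* constructed placeholder for a live uring_cmd */
    struct ub_model ub = { false, false, &fetched_cmd };

    if (o == CANCEL_BEFORE_START)
        cancel_cmds(&ub, fixed);
    ub.disk_allocated = true;         /* start_dev assigns the disk */
    if (o == CANCEL_AFTER_START)
        cancel_cmds(&ub, fixed);
    return queue_rq(&ub);
}

int main(void)
{
    for (int fixed = 0; fixed <= 1; fixed++)
        for (int o = NO_CANCEL; o <= CANCEL_AFTER_START; o++)
            printf("fixed=%d order=%d -> %d\n", fixed, o, replay(fixed, (enum order)o));
    return 0;
}
```

Only the cancel-before-start ordering with the old early return reaches RQ_NULL_DEREF; every other combination either dispatches a live command or aborts on the flag.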