From: Yu Kuai <yukuai3@xxxxxxxxxx>
In the case user trigger tags grow by queue sysfs attribute nr_requests,
hctx->sched_tags will be freed directly and replaced with a new
allocated tags, see blk_mq_tag_update_depth().
The problem is that hctx->sched_tags is from elevator->et->tags, while
et->tags is still the freed tags, hence later elevator exist will try to
free the tags again, causing kernel panic.
patch 1-6 are prep cleanup and refactor patches for updating nr_requests
patch 7,8 are the fix patches for the regression
patch 9 is cleanup patch after patch 8
patch 10 fix the stale nr_requests documentation
Yu Kuai (10):
blk-mq: remove useless checking from queue_requests_store()
blk-mq: remove useless checkings from blk_mq_update_nr_requests()
blk-mq: check invalid nr_requests in queue_requests_store()
blk-mq: serialize updating nr_requests with update_nr_hwq_lock
blk-mq: cleanup shared tags case in blk_mq_update_nr_requests()
blk-mq: split bitmap grow and resize case in
blk_mq_update_nr_requests()
blk-mq-sched: add new parameter nr_requests in
blk_mq_alloc_sched_tags()
blk-mq: fix blk_mq_tags double free while nr_requests grown
blk-mq: remove blk_mq_tag_update_depth()
blk-mq: fix stale nr_requests documentation
Documentation/ABI/stable/sysfs-block | 14 ++-----
block/blk-mq-sched.c | 14 +++----
block/blk-mq-sched.h | 2 +-
block/blk-mq-tag.c | 52 -----------------------
block/blk-mq.c | 62 +++++++++++-----------------
block/blk-mq.h | 17 ++++++--
block/blk-sysfs.c | 44 +++++++++++++++-----
block/elevator.c | 3 +-
8 files changed, 84 insertions(+), 124 deletions(-)
--
2.39.2
