aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJens Axboe <jens.axboe@oracle.com>2007-09-13 08:26:53 -0400
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-09-13 11:20:25 -0400
commitf3da54ba140c6427fa4a32913e1bf406f41b5dda (patch)
treee39f3c21a06abbf23944e03fc5ec422fc434fc00
parent9ca2152e173554e7ffb7919dc4916a7c61f8be1a (diff)
Fix race with shared tag queue maps
There's a race condition in blk_queue_end_tag() for shared tag maps, users include stex (promise supertrak thingy) and qla2xxx. The former at least has reported bugs in this area, not sure why we haven't seen any for the latter. It could be because the window is narrow and that other conditions in the qla2xxx code hide this. It's a real bug, though, as the stex smp users can attest. We need to ensure two things - the tag bit clearing needs to happen AFTER we cleared the tag pointer, as the tag bit clearing/setting is what protects this map. Secondly, we need to ensure that the visibility of the tag pointer and tag bit clear are ordered properly. [ I removed the SMP barriers - "test_and_clear_bit()" already implies all the required barriers. -- Linus ] Also see http://bugzilla.kernel.org/show_bug.cgi?id=7842 Signed-off-by: Jens Axboe <jens.axboe@oracle.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--block/ll_rw_blk.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/block/ll_rw_blk.c b/block/ll_rw_blk.c
index a15845c164f2..cd20367061d7 100644
--- a/block/ll_rw_blk.c
+++ b/block/ll_rw_blk.c
@@ -1075,12 +1075,6 @@ void blk_queue_end_tag(struct request_queue *q, struct request *rq)
1075 */ 1075 */
1076 return; 1076 return;
1077 1077
1078 if (unlikely(!__test_and_clear_bit(tag, bqt->tag_map))) {
1079 printk(KERN_ERR "%s: attempt to clear non-busy tag (%d)\n",
1080 __FUNCTION__, tag);
1081 return;
1082 }
1083
1084 list_del_init(&rq->queuelist); 1078 list_del_init(&rq->queuelist);
1085 rq->cmd_flags &= ~REQ_QUEUED; 1079 rq->cmd_flags &= ~REQ_QUEUED;
1086 rq->tag = -1; 1080 rq->tag = -1;
@@ -1090,6 +1084,13 @@ void blk_queue_end_tag(struct request_queue *q, struct request *rq)
1090 __FUNCTION__, tag); 1084 __FUNCTION__, tag);
1091 1085
1092 bqt->tag_index[tag] = NULL; 1086 bqt->tag_index[tag] = NULL;
1087
1088 if (unlikely(!test_and_clear_bit(tag, bqt->tag_map))) {
1089 printk(KERN_ERR "%s: attempt to clear non-busy tag (%d)\n",
1090 __FUNCTION__, tag);
1091 return;
1092 }
1093
1093 bqt->busy--; 1094 bqt->busy--;
1094} 1095}
1095 1096