Re: [syzbot] [block?] [trace?] INFO: task hung in blk_trace_remove (2)
From: Edward Adam Davis
Date: Mon Jan 29 2024 - 21:28:15 EST
please test task hung in blk_trace_remove
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c
index d5d94510afd3..ce5a1ed01d64 100644
--- a/kernel/trace/blktrace.c
+++ b/kernel/trace/blktrace.c
@@ -320,14 +320,16 @@ static void blk_trace_free(struct request_queue *q, struct blk_trace *bt)
* under 'q->debugfs_dir', thus lookup and remove them.
*/
if (!bt->dir) {
- debugfs_lookup_and_remove("dropped", q->debugfs_dir);
- debugfs_lookup_and_remove("msg", q->debugfs_dir);
+ struct dentry *debugfs_dir = q ? q->debugfs_dir : bt->debugfs_dir;
+
+ debugfs_lookup_and_remove("dropped", debugfs_dir);
+ debugfs_lookup_and_remove("msg", debugfs_dir);
} else {
debugfs_remove(bt->dir);
}
free_percpu(bt->sequence);
free_percpu(bt->msg_data);
- kfree(bt);
+ kfree_rcu(bt);
}
static void get_probe_ref(void)
@@ -377,12 +379,25 @@ static int blk_trace_stop(struct blk_trace *bt)
return 0;
}
+static void blk_trace_rcu_free(struct rcu_head *rcu)
+{
+ struct blk_trace *bt;
+
+ bt = container_of(rcu, struct blk_trace, rcu);
+ if (bt) {
+ blk_trace_free(NULL, bt);
+ put_probe_ref();
+ }
+}
+
static void blk_trace_cleanup(struct request_queue *q, struct blk_trace *bt)
{
blk_trace_stop(bt);
- synchronize_rcu();
- blk_trace_free(q, bt);
- put_probe_ref();
+ if (!bt->dir)
+ bt->debugfs_dir = q->debugfs_dir;
+ mutex_unlock(&q->debugfs_mutex);
+ call_rcu(&bt->rcu, blk_trace_rcu_free);
+ mutex_lock(&q->debugfs_mutex);
}
static int __blk_trace_remove(struct request_queue *q)
diff --git a/include/linux/blktrace_api.h b/include/linux/blktrace_api.h
index 122c62e561fc..4920c201bd12 100644
--- a/include/linux/blktrace_api.h
+++ b/include/linux/blktrace_api.h
@@ -26,6 +26,8 @@ struct blk_trace {
struct dentry *dir;
struct list_head running_list;
atomic_t dropped;
+ struct dentry *debugfs_dir;
+ struct rcu_head rcu;
};
extern int blk_trace_ioctl(struct block_device *, unsigned, char __user *);