diff options
| author | Ming Lei <[email protected]> | 2025-05-15 16:26:01 +0000 |
|---|---|---|
| committer | Jens Axboe <[email protected]> | 2025-05-15 16:53:41 +0000 |
| commit | dd24f87f65c957f30e605e44961d2fd53a44c780 (patch) | |
| tree | cb840ff530cdf734ca66eb2161b07a326afa009b /rust/helpers/mutex.c | |
| parent | Merge tag 'nvme-6.15-2025-05-15' of git://git.infradead.org/nvme into block-6.15 (diff) | |
| download | kernel-dd24f87f65c957f30e605e44961d2fd53a44c780.tar.gz kernel-dd24f87f65c957f30e605e44961d2fd53a44c780.zip | |
ublk: fix dead loop when canceling io command
Commit:
f40139fde527 ("ublk: fix race between io_uring_cmd_complete_in_task and
ublk_cancel_cmd")
adds a request state check in ublk_cancel_cmd(), and if the request is
started, skips canceling this uring_cmd.
However, the current uring_cmd may be in ACTIVE state, without block
request coming to the uring command. Meantime, if the cached request in
tag_set.tags[tag] has been delivered to ublk server and reycycled, then
this uring_cmd can't be canceled.
ublk requests are aborted in ublk char device release handler, which
depends on canceling all ACTIVE uring_cmd. So it causes a dead loop.
Fix this issue by not taking a stale request into account when canceling
uring_cmd in ublk_cancel_cmd().
Reported-by: Shinichiro Kawasaki <[email protected]>
Closes: https://lore.kernel.org/linux-block/mruqwpf4tqenkbtgezv5oxwq7ngyq24jzeyqy4ixzvivatbbxv@4oh2wzz4e6qn/
Fixes: f40139fde527 ("ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd")
Signed-off-by: Ming Lei <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
[axboe: rewording of commit message]
Signed-off-by: Jens Axboe <[email protected]>
Diffstat (limited to 'rust/helpers/mutex.c')
0 files changed, 0 insertions, 0 deletions