--- /dev/null
+From 248cc84c0d22c6e641f3078c90ffb048e226a20f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 3 Feb 2020 11:40:55 +0100
+Subject: block, bfq: do not insert oom queue into position tree
+
+From: Paolo Valente <paolo.valente@linaro.org>
+
+[ Upstream commit 32c59e3a9a5a0b180dd015755d6d18ca31e55935 ]
+
+BFQ maintains an ordered list, implemented with an RB tree, of
+head-request positions of non-empty bfq_queues. This position tree,
+inherited from CFQ, is used to find bfq_queues that contain I/O close
+to each other. BFQ merges these bfq_queues into a single shared queue,
+if this boosts throughput on the device at hand.
+
+There is however a special-purpose bfq_queue that does not participate
+in queue merging, the oom bfq_queue. Yet, also this bfq_queue could be
+wrongly added to the position tree. So bfqq_find_close() could return
+the oom bfq_queue, which is a source of further troubles in an
+out-of-memory situation. This commit prevents the oom bfq_queue from
+being inserted into the position tree.
+
+Tested-by: Patrick Dung <patdung100@gmail.com>
+Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name>
+Signed-off-by: Paolo Valente <paolo.valente@linaro.org>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ block/bfq-iosched.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c
+index 5498d05b873d3..955daa29303a8 100644
+--- a/block/bfq-iosched.c
++++ b/block/bfq-iosched.c
+@@ -614,6 +614,10 @@ bfq_pos_tree_add_move(struct bfq_data *bfqd, struct bfq_queue *bfqq)
+ bfqq->pos_root = NULL;
+ }
+
++ /* oom_bfqq does not participate in queue merging */
++ if (bfqq == &bfqd->oom_bfqq)
++ return;
++
+ /*
+ * bfqq cannot be merged any longer (see comments in
+ * bfq_setup_cooperator): no point in adding bfqq into the
+--
+2.20.1
+
--- /dev/null
+From f0c84179d49868076fb613f72af14ab7675a5be7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 3 Feb 2020 11:40:59 +0100
+Subject: block, bfq: get a ref to a group when adding it to a service tree
+
+From: Paolo Valente <paolo.valente@linaro.org>
+
+[ Upstream commit db37a34c563bf4692b36990ae89005c031385e52 ]
+
+BFQ schedules generic entities, which may represent either bfq_queues
+or groups of bfq_queues. When an entity is inserted into a service
+tree, a reference must be taken, to make sure that the entity does not
+disappear while still referred in the tree. Unfortunately, such a
+reference is mistakenly taken only if the entity represents a
+bfq_queue. This commit takes a reference also in case the entity
+represents a group.
+
+Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name>
+Tested-by: Chris Evich <cevich@redhat.com>
+Signed-off-by: Paolo Valente <paolo.valente@linaro.org>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ block/bfq-cgroup.c | 2 +-
+ block/bfq-iosched.h | 1 +
+ block/bfq-wf2q.c | 12 ++++++++++--
+ 3 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/block/bfq-cgroup.c b/block/bfq-cgroup.c
+index 86a607cf19a10..0999d56bc4d19 100644
+--- a/block/bfq-cgroup.c
++++ b/block/bfq-cgroup.c
+@@ -332,7 +332,7 @@ static void bfqg_put(struct bfq_group *bfqg)
+ kfree(bfqg);
+ }
+
+-static void bfqg_and_blkg_get(struct bfq_group *bfqg)
++void bfqg_and_blkg_get(struct bfq_group *bfqg)
+ {
+ /* see comments in bfq_bic_update_cgroup for why refcounting bfqg */
+ bfqg_get(bfqg);
+diff --git a/block/bfq-iosched.h b/block/bfq-iosched.h
+index 5d1a519640f6a..e0e4a413d43a5 100644
+--- a/block/bfq-iosched.h
++++ b/block/bfq-iosched.h
+@@ -978,6 +978,7 @@ struct bfq_group *bfq_find_set_group(struct bfq_data *bfqd,
+ struct blkcg_gq *bfqg_to_blkg(struct bfq_group *bfqg);
+ struct bfq_group *bfqq_group(struct bfq_queue *bfqq);
+ struct bfq_group *bfq_create_group_hierarchy(struct bfq_data *bfqd, int node);
++void bfqg_and_blkg_get(struct bfq_group *bfqg);
+ void bfqg_and_blkg_put(struct bfq_group *bfqg);
+
+ #ifdef CONFIG_BFQ_GROUP_IOSCHED
+diff --git a/block/bfq-wf2q.c b/block/bfq-wf2q.c
+index 05f0bf4a1144d..44079147e396e 100644
+--- a/block/bfq-wf2q.c
++++ b/block/bfq-wf2q.c
+@@ -536,7 +536,9 @@ static void bfq_get_entity(struct bfq_entity *entity)
+ bfqq->ref++;
+ bfq_log_bfqq(bfqq->bfqd, bfqq, "get_entity: %p %d",
+ bfqq, bfqq->ref);
+- }
++ } else
++ bfqg_and_blkg_get(container_of(entity, struct bfq_group,
++ entity));
+ }
+
+ /**
+@@ -650,8 +652,14 @@ static void bfq_forget_entity(struct bfq_service_tree *st,
+
+ entity->on_st = false;
+ st->wsum -= entity->weight;
+- if (bfqq && !is_in_service)
++ if (is_in_service)
++ return;
++
++ if (bfqq)
+ bfq_put_queue(bfqq);
++ else
++ bfqg_and_blkg_put(container_of(entity, struct bfq_group,
++ entity));
+ }
+
+ /**
+--
+2.20.1
+
--- /dev/null
+From f2902342fdfce844eafc98b5a7a4af9769cbc9e8 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 3 Feb 2020 11:40:56 +0100
+Subject: block, bfq: get extra ref to prevent a queue from being freed during
+ a group move
+
+From: Paolo Valente <paolo.valente@linaro.org>
+
+[ Upstream commit ecedd3d7e19911ab8fe42f17b77c0a30fe7f4db3 ]
+
+In bfq_bfqq_move(), the bfq_queue, say Q, to be moved to a new group
+may happen to be deactivated in the scheduling data structures of the
+source group (and then activated in the destination group). If Q is
+referred only by the data structures in the source group when the
+deactivation happens, then Q is freed upon the deactivation.
+
+This commit addresses this issue by getting an extra reference before
+the possible deactivation, and releasing this extra reference after Q
+has been moved.
+
+Tested-by: Chris Evich <cevich@redhat.com>
+Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name>
+Signed-off-by: Paolo Valente <paolo.valente@linaro.org>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ block/bfq-cgroup.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/block/bfq-cgroup.c b/block/bfq-cgroup.c
+index 0999d56bc4d19..ead6e42832982 100644
+--- a/block/bfq-cgroup.c
++++ b/block/bfq-cgroup.c
+@@ -634,6 +634,12 @@ void bfq_bfqq_move(struct bfq_data *bfqd, struct bfq_queue *bfqq,
+ bfq_bfqq_expire(bfqd, bfqd->in_service_queue,
+ false, BFQQE_PREEMPTED);
+
++ /*
++ * get extra reference to prevent bfqq from being freed in
++ * next possible deactivate
++ */
++ bfqq->ref++;
++
+ if (bfq_bfqq_busy(bfqq))
+ bfq_deactivate_bfqq(bfqd, bfqq, false, false);
+ else if (entity->on_st)
+@@ -653,6 +659,8 @@ void bfq_bfqq_move(struct bfq_data *bfqd, struct bfq_queue *bfqq,
+
+ if (!bfqd->in_service_queue && !bfqd->rq_in_driver)
+ bfq_schedule_dispatch(bfqd);
++ /* release extra ref taken above */
++ bfq_put_queue(bfqq);
+ }
+
+ /**
+--
+2.20.1
+
--- /dev/null
+block-bfq-get-a-ref-to-a-group-when-adding-it-to-a-s.patch
+block-bfq-get-extra-ref-to-prevent-a-queue-from-bein.patch
+block-bfq-do-not-insert-oom-queue-into-position-tree.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
