Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 30 Oct 2015 16:07:14 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 203746] Panic in NVME driver
Message-ID:  <bug-203746-8-1KrkRmh3Kv@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-203746-8@https.bugs.freebsd.org/bugzilla/>
References:  <bug-203746-8@https.bugs.freebsd.org/bugzilla/>

next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203746

--- Comment #7 from commit-hook@freebsd.org ---
A commit references this bug:

Author: jimharris
Date: Fri Oct 30 16:06:34 UTC 2015
New revision: 290198
URL: https://svnweb.freebsd.org/changeset/base/290198

Log:
  nvme: fix race condition in split bio completion path

  Fixes race condition observed under following circumstances:

  1) I/O split on 128KB boundary with Intel NVMe controller.
     Current Intel controllers produce better latency when
     I/Os do not span a 128KB boundary - even if the I/O size
     itself is less than 128KB.
  2) Per-CPU I/O queues are enabled.
  3) Child I/Os are submitted on different submission queues.
  4) Interrupts for child I/O completions occur almost
     simultaneously.
  5) ithread for child I/O A increments bio_inbed, then
     immediately is preempted (rendezvous IPI, higher priority
     interrupt).
  6) ithread for child I/O B increments bio_inbed, then completes
     parent bio since all children are now completed.
  7) parent bio is freed, and immediately reallocated for a VFS
     or gpart bio (including setting bio_children to 1 and
     clearing bio_driver1).
  8) ithread for child I/O A resumes processing.  bio_children
     for what it thinks is the parent bio is set to 1, so it
     thinks it needs to complete the parent bio.

  Result is either calling a NULL callback function, or double freeing
  the bio to its uma zone.

  PR:        203746
  Reported by:    Drew Gallatin <gallatin@netflix.com>,
          Marc Goroff <mgoroff@quorum.net>
  Tested by:    Drew Gallatin <gallatin@netflix.com>
  MFC after:    3 days
  Sponsored by:    Intel

Changes:
  head/sys/dev/nvme/nvme_ns.c

-- 
You are receiving this mail because:
You are the assignee for the bug.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-203746-8-1KrkRmh3Kv>