From cf96a6c88c48687a85c81fbbb37e68db678cae81 Mon Sep 17 00:00:00 2001
From: Sasha Levin <alexander.levin@verizon.com>
Date: Sat, 13 Aug 2016 07:45:12 -0400
Subject: [PATCH] dm rq: fix the starting and stopping of blk-mq queues

Orabug: 25308141

[ Upstream commit 7d9595d848cdff5c7939f68eec39e0c5d36a1d67 ]

Improve dm_stop_queue() to cancel any requeue_work.  Also, have
dm_start_queue() and dm_stop_queue() clear/set the QUEUE_FLAG_STOPPED
for the blk-mq request_queue.

On suspend dm_stop_queue() handles stopping the blk-mq request_queue
BUT: even though the hw_queues are marked BLK_MQ_S_STOPPED at that point
there is still a race that is allowing block/blk-mq.c to call ->queue_rq
against a hctx that it really shouldn't.  Add a check to
dm_mq_queue_rq() that guards against this rarity (albeit _not_
race-free).

Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Cc: stable@vger.kernel.org # must patch dm.c on < 4.8 kernels
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
(cherry picked from commit 655fe78746d0b9141fe763535fc16d6652665c13)
Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
---
 drivers/md/dm.c | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/drivers/md/dm.c b/drivers/md/dm.c
index 848d85339271..8594a0992e6a 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -1200,8 +1200,14 @@ static void stop_queue(struct request_queue *q)
 {
 	if (!q->mq_ops)
 		old_stop_queue(q);
-	else
+	else {
+		spin_lock_irq(q->queue_lock);
+		queue_flag_set(QUEUE_FLAG_STOPPED, q);
+		spin_unlock_irq(q->queue_lock);
+
+		blk_mq_cancel_requeue_work(q);
 		blk_mq_stop_hw_queues(q);
+	}
 }
 
 static void old_start_queue(struct request_queue *q)
@@ -1218,8 +1224,10 @@ static void start_queue(struct request_queue *q)
 {
 	if (!q->mq_ops)
 		old_start_queue(q);
-	else
+	else {
+		queue_flag_clear_unlocked(QUEUE_FLAG_STOPPED, q);
 		blk_mq_start_stopped_hw_queues(q, true);
+	}
 }
 
 static void dm_done(struct request *clone, int error, bool mapped)
@@ -2731,6 +2739,17 @@ static int dm_mq_queue_rq(struct blk_mq_hw_ctx *hctx,
 	}
 	dm_put_live_table(md, srcu_idx);
 
+	/*
+	 * On suspend dm_stop_queue() handles stopping the blk-mq
+	 * request_queue BUT: even though the hw_queues are marked
+	 * BLK_MQ_S_STOPPED at that point there is still a race that
+	 * is allowing block/blk-mq.c to call ->queue_rq against a
+	 * hctx that it really shouldn't.  The following check guards
+	 * against this rarity (albeit _not_ race-free).
+	 */
+	if (unlikely(test_bit(BLK_MQ_S_STOPPED, &hctx->state)))
+		return BLK_MQ_RQ_QUEUE_BUSY;
+
 	if (ti->type->busy && ti->type->busy(ti))
 		return BLK_MQ_RQ_QUEUE_BUSY;
 
-- 
2.50.1