korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2025-01-24 14:54:49 +08:00
Code Issues Packages Projects Releases Wiki Activity
ba3c6fb87d
linux/drivers/block/drbd
History
Lars Ellenberg ba3c6fb87d drbd: close race when detaching from disk 
BUG: unable to handle kernel NULL pointer dereference at 0000000000000058
IP: bd_release+0x21/0x70
Process drbd_w_t7146
Call Trace:
 close_bdev_exclusive
 drbd_free_ldev		[drbd]
 drbd_ldev_destroy	[drbd]
 w_after_state_ch	[drbd]

Race probably went like this:
  state.disk = D_FAILED

... first one to hit zero during D_FAILED:
   put_ldev() /* ----------------> 0 */
     i = atomic_dec_return()
     if (i == 0)
       if (state.disk == D_FAILED)
         schedule_work(go_diskless)
                                /* 1 <------ */ get_ldev_if_state()
   go_diskless()
      do_some_pre_cleanup()                     corresponding put_ldev():
      force_state(D_DISKLESS)   /* 0 <------ */ i = atomic_dec_return()
                                                if (i == 0)
        atomic_inc() /* ---------> 1 */
        state.disk = D_DISKLESS
        schedule_work(after_state_ch)           /* execution pre-empted by IRQ ? */

   after_state_ch()
     put_ldev()
       i = atomic_dec_return()  /* 0 */
       if (i == 0)
         if (state.disk == D_DISKLESS)            if (state.disk == D_DISKLESS)
           drbd_ldev_destroy()                      drbd_ldev_destroy();

Trying to fix this by checking the disk state *before* the
atomic_dec_return(), which implies memory barriers, and by inserting
extra memory barriers around the state assignment in __drbd_set_state().

Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
Signed-off-by: Lars Ellenberg <lars.ellenberg@linbit.com>
2014-07-10 18:34:54 +02:00
..
drbd_actlog.c drbd: explicitly submit meta data requests with REQ_NOIDLE 2014-07-10 18:34:54 +02:00
drbd_bitmap.c drbd: get rid of atomic update on disk bitmap works 2014-07-10 18:34:49 +02:00
drbd_int.h drbd: close race when detaching from disk 2014-07-10 18:34:54 +02:00
drbd_interval.c Merge branch 'drbd-8.4_ed6' into for-3.8-drivers-drbd-8.4_ed6 2012-11-09 14:20:23 +01:00
drbd_interval.h drbd: Iterate over all overlapping intervals in a tree 2011-10-14 16:47:37 +02:00
drbd_main.c drbd: trigger tcp_push_pending_frames() for PING and PING_ACK 2014-07-10 18:34:52 +02:00
drbd_nl.c drbd: move set_disk_ro() to after we persisted the new role 2014-07-10 18:34:53 +02:00
drbd_nla.c drbd: Remove drbd_wrappers.h 2014-04-30 13:46:54 -06:00
drbd_nla.h drbd: Split off netlink mandatory attribute handling into separate file 2012-11-08 16:57:45 +01:00
drbd_proc.c drbd: Move write_ordering from connection to resource 2014-07-10 15:22:19 +02:00
drbd_protocol.h drbd: Enable QUEUE_FLAG_DISCARD only if the peer can recieve P_TRIM 2014-04-30 13:46:55 -06:00
drbd_receiver.c drbd: allow write-ordering policy to be bumped up again 2014-07-10 15:22:22 +02:00
drbd_req.c drbd: refactor use of first_peer_device() 2014-07-10 15:22:22 +02:00
drbd_req.h drbd: prepare sending side for REQ_DISCARD 2014-04-30 13:46:55 -06:00
drbd_state.c drbd: close race when detaching from disk 2014-07-10 18:34:54 +02:00
drbd_state.h drbd: Rename drbd_tconn -> drbd_connection 2014-02-17 16:44:47 +01:00
drbd_strings.c drbd: Move string function prototypes from linux/drbd.h to drbd_string.h 2014-02-17 16:50:37 +01:00
drbd_strings.h drbd: Move string function prototypes from linux/drbd.h to drbd_string.h 2014-02-17 16:50:37 +01:00
drbd_vli.h Fix common misspellings 2011-03-31 11:26:23 -03:00
drbd_worker.c drbd: fix resync finished detection 2014-07-10 18:34:50 +02:00
Kconfig drbd: update Kconfig to match current dependencies 2012-12-06 13:08:29 +01:00
Makefile drbd: Split off netlink mandatory attribute handling into separate file 2012-11-08 16:57:45 +01:00