From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965123Ab2I1S6j (ORCPT ); Fri, 28 Sep 2012 14:58:39 -0400 Received: from mail-pb0-f46.google.com ([209.85.160.46]:33712 "EHLO mail-pb0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965092Ab2I1S60 (ORCPT ); Fri, 28 Sep 2012 14:58:26 -0400 From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg KH , alan@lxorguk.ukuu.org.uk, Paul Clements , Andrew Morton , Linus Torvalds Subject: [ 094/262] nbd: clear waiting_queue on shutdown Date: Fri, 28 Sep 2012 11:50:23 -0700 Message-Id: <20120928183009.187578255@linuxfoundation.org> X-Mailer: git-send-email 1.7.10.1.362.g242cab3 In-Reply-To: <20120928182957.993484211@linuxfoundation.org> References: <20120928182957.993484211@linuxfoundation.org> User-Agent: quilt/0.60-2.1.2 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Greg KH 3.5-stable review patch. If anyone has any objections, please let me know. ------------------ From: Paul Clements commit fded4e090c60100d709318896c79816d68d5b47d upstream. Fix a serious but uncommon bug in nbd which occurs when there is heavy I/O going to the nbd device while, at the same time, a failure (server, network) or manual disconnect of the nbd connection occurs. There is a small window between the time that the nbd_thread is stopped and the socket is shutdown where requests can continue to be queued to nbd's internal waiting_queue. When this happens, those requests are never completed or freed. The fix is to clear the waiting_queue on shutdown of the nbd device, in the same way that the nbd request queue (queue_head) is already being cleared. Signed-off-by: Paul Clements Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- drivers/block/nbd.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/drivers/block/nbd.c +++ b/drivers/block/nbd.c @@ -445,6 +445,14 @@ static void nbd_clear_que(struct nbd_dev req->errors++; nbd_end_request(req); } + + while (!list_empty(&nbd->waiting_queue)) { + req = list_entry(nbd->waiting_queue.next, struct request, + queuelist); + list_del_init(&req->queuelist); + req->errors++; + nbd_end_request(req); + } } @@ -594,6 +602,7 @@ static int __nbd_ioctl(struct block_devi nbd->file = NULL; nbd_clear_que(nbd); BUG_ON(!list_empty(&nbd->queue_head)); + BUG_ON(!list_empty(&nbd->waiting_queue)); if (file) fput(file); return 0;