From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, NeilBrown <neilb@suse.de>
Subject: [PATCH 3.13 10/10] md/raid5: close recently introduced race in stripe_head management.
Date: Mon, 27 Jan 2014 12:17:13 -0800 [thread overview]
Message-ID: <20140127201536.069050252@linuxfoundation.org> (raw)
In-Reply-To: <20140127201535.350372282@linuxfoundation.org>
3.13-stable review patch. If anyone has any objections, please let me know.
------------------
From: NeilBrown <neilb@suse.de>
commit 7da9d450ab2843bf1db378c156acc6304dbc1c2b upstream.
As release_stripe and __release_stripe decrement ->count and then
manipulate ->lru both under ->device_lock, it is important that
get_active_stripe() increments ->count and clears ->lru also under
->device_lock.
However we currently list_del_init ->lru under the lock, but increment
the ->count outside the lock. This can lead to races and list
corruption.
So move the atomic_inc(&sh->count) up inside the ->device_lock
protected region.
Note that we still increment ->count without device lock in the case
where get_free_stripe() was called, and in fact don't take
->device_lock at all in that path.
This is safe because if the stripe_head can be found by
get_free_stripe, then the hash lock assures us the no-one else could
possibly be calling release_stripe() at the same time.
Fixes: 566c09c53455d7c4f1130928ef8071da1a24ea65
Reported-and-tested-by: Ian Kumlien <ian.kumlien@gmail.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/raid5.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -675,8 +675,10 @@ get_active_stripe(struct r5conf *conf, s
|| !conf->inactive_blocked),
*(conf->hash_locks + hash));
conf->inactive_blocked = 0;
- } else
+ } else {
init_stripe(sh, sector, previous);
+ atomic_inc(&sh->count);
+ }
} else {
spin_lock(&conf->device_lock);
if (atomic_read(&sh->count)) {
@@ -695,13 +697,11 @@ get_active_stripe(struct r5conf *conf, s
sh->group = NULL;
}
}
+ atomic_inc(&sh->count);
spin_unlock(&conf->device_lock);
}
} while (sh == NULL);
- if (sh)
- atomic_inc(&sh->count);
-
spin_unlock_irq(conf->hash_locks + hash);
return sh;
}
next prev parent reply other threads:[~2014-01-27 20:17 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-27 20:17 [PATCH 3.13 00/10] 3.13.1-stable review Greg Kroah-Hartman
2014-01-27 20:17 ` [PATCH 3.13 01/10] GFS2: Increase i_writecount during gfs2_setattr_chown Greg Kroah-Hartman
2014-01-27 20:17 ` [PATCH 3.13 02/10] staging: comedi: fix result of memdup_user for user chanlist Greg Kroah-Hartman
2014-01-27 20:17 ` [PATCH 3.13 03/10] staging: comedi: addi_apci_1032: fix subdevice type/flags bug Greg Kroah-Hartman
2014-01-27 20:17 ` [PATCH 3.13 04/10] staging: comedi: adl_pci9111: fix incorrect irq passed to request_irq() Greg Kroah-Hartman
2014-01-27 20:17 ` [PATCH 3.13 05/10] mm: Make {,set}page_address() static inline if WANT_PAGE_VIRTUAL Greg Kroah-Hartman
2014-01-27 20:17 ` [PATCH 3.13 06/10] serial: amba-pl011: use port lock to guard control register access Greg Kroah-Hartman
2014-01-27 20:17 ` [PATCH 3.13 07/10] extcon: gpio: Request gpio pin before modifying its state Greg Kroah-Hartman
2014-01-27 20:17 ` [PATCH 3.13 08/10] ALSA: hda - Explicitly keep codec powered up in hdmi_present_sense Greg Kroah-Hartman
2014-01-27 20:17 ` [PATCH 3.13 09/10] md/raid5: fix long-standing problem with bitmap handling on write failure Greg Kroah-Hartman
2014-01-27 20:17 ` Greg Kroah-Hartman [this message]
2014-01-28 17:41 ` [PATCH 3.13 00/10] 3.13.1-stable review Shuah Khan
2014-01-29 13:05 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140127201536.069050252@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=neilb@suse.de \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.