md: Fix race when creating a new md device.
There is a race when creating an md device by opening /dev/mdXX. If two processes do this at much the same time they will follow the call path __blkdev_get -> get_gendisk -> kobj_lookup The first will call -> md_probe -> md_alloc -> add_disk -> blk_register_region and the race happens when the second gets to kobj_lookup after add_disk has called blk_register_region but before it returns to md_alloc. In the case the second will not call md_probe (as the probe is already done) but will get a handle on the gendisk, return to __blkdev_get which will then call md_open (via the ->open) pointer. As mddev->gendisk hasn't been set yet, md_open will think something is wrong an return with ERESTARTSYS. This can loop endlessly while the first thread makes no progress through add_disk. Nothing is blocking it, but due to scheduler behaviour it doesn't get a turn. So this is essentially a live-lock. We fix this by simply moving the assignment to mddev->gendisk before the call the add_disk() so md_open doesn't get confused. Also move blk_queue_flush earlier because add_disk should be as late as possible. To make sure that md_open doesn't complete until md_alloc has done all that is needed, we take mddev->open_mutex during the last part of md_alloc. md_open will wait for this. This can cause a lock-up on boot so Cc:ing for stable. For 2.6.36 and earlier a different patch will be needed as the 'blk_queue_flush' call isn't there. Signed-off-by: NeilBrown <neilb@suse.de> Reported-by: Thomas Jarosch <thomas.jarosch@intra2net.com> Tested-by: Thomas Jarosch <thomas.jarosch@intra2net.com> Cc: stable@kernel.org
This commit is contained in:
parent
693d92a1bb
commit
b0140891a8
@ -4347,13 +4347,19 @@ static int md_alloc(dev_t dev, char *name)
|
|||||||
disk->fops = &md_fops;
|
disk->fops = &md_fops;
|
||||||
disk->private_data = mddev;
|
disk->private_data = mddev;
|
||||||
disk->queue = mddev->queue;
|
disk->queue = mddev->queue;
|
||||||
|
blk_queue_flush(mddev->queue, REQ_FLUSH | REQ_FUA);
|
||||||
/* Allow extended partitions. This makes the
|
/* Allow extended partitions. This makes the
|
||||||
* 'mdp' device redundant, but we can't really
|
* 'mdp' device redundant, but we can't really
|
||||||
* remove it now.
|
* remove it now.
|
||||||
*/
|
*/
|
||||||
disk->flags |= GENHD_FL_EXT_DEVT;
|
disk->flags |= GENHD_FL_EXT_DEVT;
|
||||||
add_disk(disk);
|
|
||||||
mddev->gendisk = disk;
|
mddev->gendisk = disk;
|
||||||
|
/* As soon as we call add_disk(), another thread could get
|
||||||
|
* through to md_open, so make sure it doesn't get too far
|
||||||
|
*/
|
||||||
|
mutex_lock(&mddev->open_mutex);
|
||||||
|
add_disk(disk);
|
||||||
|
|
||||||
error = kobject_init_and_add(&mddev->kobj, &md_ktype,
|
error = kobject_init_and_add(&mddev->kobj, &md_ktype,
|
||||||
&disk_to_dev(disk)->kobj, "%s", "md");
|
&disk_to_dev(disk)->kobj, "%s", "md");
|
||||||
if (error) {
|
if (error) {
|
||||||
@ -4367,8 +4373,7 @@ static int md_alloc(dev_t dev, char *name)
|
|||||||
if (mddev->kobj.sd &&
|
if (mddev->kobj.sd &&
|
||||||
sysfs_create_group(&mddev->kobj, &md_bitmap_group))
|
sysfs_create_group(&mddev->kobj, &md_bitmap_group))
|
||||||
printk(KERN_DEBUG "pointless warning\n");
|
printk(KERN_DEBUG "pointless warning\n");
|
||||||
|
mutex_unlock(&mddev->open_mutex);
|
||||||
blk_queue_flush(mddev->queue, REQ_FLUSH | REQ_FUA);
|
|
||||||
abort:
|
abort:
|
||||||
mutex_unlock(&disks_mutex);
|
mutex_unlock(&disks_mutex);
|
||||||
if (!error && mddev->kobj.sd) {
|
if (!error && mddev->kobj.sd) {
|
||||||
|
Loading…
x
Reference in New Issue
Block a user