linux/drivers/md
majianpeng d206dcfa98 md/raid5: Before freeing old multi-thread worker, it should flush them.
When changing group_thread_cnt from sysfs entry, the kernel can oops.

The kernel messages are:
[  740.961389] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[  740.961444] IP: [<ffffffff81062570>] process_one_work+0x30/0x500
[  740.961476] PGD b9013067 PUD b651e067 PMD 0
[  740.961503] Oops: 0000 [#1] SMP
[  740.961525] Modules linked in: netconsole e1000e ptp pps_core
[  740.961577] CPU: 0 PID: 3683 Comm: kworker/u8:5 Not tainted 3.12.0+ #23
[  740.961602] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./To be filled by O.E.M., BIOS 080015  11/09/2011
[  740.961646] task: ffff88013abe0000 ti: ffff88013a246000 task.ti: ffff88013a246000
[  740.961673] RIP: 0010:[<ffffffff81062570>]  [<ffffffff81062570>] process_one_work+0x30/0x500
[  740.961708] RSP: 0018:ffff88013a247e08  EFLAGS: 00010086
[  740.961730] RAX: ffff8800b912b400 RBX: ffff88013a61e680 RCX: ffff8800b912b400
[  740.961757] RDX: ffff8800b912b600 RSI: ffff8800b912b600 RDI: ffff88013a61e680
[  740.961782] RBP: ffff88013a247e48 R08: ffff88013a246000 R09: 000000000002c09d
[  740.961808] R10: 000000000000010f R11: 0000000000000000 R12: ffff88013b00cc00
[  740.961833] R13: 0000000000000000 R14: ffff88013b00cf80 R15: ffff88013a61e6b0
[  740.961861] FS:  0000000000000000(0000) GS:ffff88013fc00000(0000) knlGS:0000000000000000
[  740.961893] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  740.962001] CR2: 00000000000000b8 CR3: 00000000b24fe000 CR4: 00000000000407f0
[  740.962001] Stack:
[  740.962001]  0000000000000008 ffff8800b912b600 ffff88013b00cc00 ffff88013a61e680
[  740.962001]  ffff88013b00cc00 ffff88013b00cc18 ffff88013b00cf80 ffff88013a61e6b0
[  740.962001]  ffff88013a247eb8 ffffffff810639c6 0000000000012a80 ffff88013a247fd8
[  740.962001] Call Trace:
[  740.962001]  [<ffffffff810639c6>] worker_thread+0x206/0x3f0
[  740.962001]  [<ffffffff810637c0>] ? manage_workers+0x2c0/0x2c0
[  740.962001]  [<ffffffff81069656>] kthread+0xc6/0xd0
[  740.962001]  [<ffffffff81069590>] ? kthread_freezable_should_stop+0x70/0x70
[  740.962001]  [<ffffffff81722ffc>] ret_from_fork+0x7c/0xb0
[  740.962001]  [<ffffffff81069590>] ? kthread_freezable_should_stop+0x70/0x70
[  740.962001] Code: 89 e5 41 57 41 56 41 55 45 31 ed 41 54 53 48 89 fb 48 83 ec 18 48 8b 06 4c 8b 67 48 48 89 c1 30 c9 a8 04 4c 0f 45 e9 80 7f 58 00 <49> 8b 45 08 44 8b b0 00 01 00 00 78 0c 41 f6 44 24 10 04 0f 84
[  740.962001] RIP  [<ffffffff81062570>] process_one_work+0x30/0x500
[  740.962001]  RSP <ffff88013a247e08>
[  740.962001] CR2: 0000000000000008
[  740.962001] ---[ end trace 39181460000748de ]---
[  740.962001] Kernel panic - not syncing: Fatal exception

This can happen if there are some stripes left, fewer than MAX_STRIPE_BATCH.
A worker is queued to handle them.
But before calling raid5_do_work, raid5d handles those
stripes making conf->active_stripe = 0.
So mddev_suspend() can return.
We might then free old worker resources before the queued
raid5_do_work() handled them.  When it runs, it crashes.

	raid5d()		raid5_store_group_thread_cnt()
	queue_work		mddev_suspend()
				handle_strips
				active_stripe=0
				free(old worker resources)
	process_one_work
	raid5_do_work

To avoid this, we should only flush the worker resources before freeing them.

This fixes a bug introduced in 3.12 so is suitable for the 3.12.x
stable series.

Cc: stable@vger.kernel.org (3.12)
Fixes: b721420e87
Signed-off-by: Jianpeng Ma <majianpeng@gmail.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Reviewed-by: Shaohua Li <shli@kernel.org>
2013-11-19 15:19:18 +11:00
..
bcache bcache: Fixed incorrect order of arguments to bio_alloc_bioset() 2013-10-23 07:55:36 +01:00
persistent-data dm space map: optimise sm_ll_dec and sm_ll_inc 2013-08-23 09:02:14 -04:00
bitmap.c sysfs: clean up sysfs_get_dirent() 2013-09-26 15:33:18 -07:00
bitmap.h md/bitmap: record the space available for the bitmap in the superblock. 2012-05-22 13:55:34 +10:00
dm-bio-prison.c dm: add cache target 2013-03-01 22:45:51 +00:00
dm-bio-prison.h dm: add cache target 2013-03-01 22:45:51 +00:00
dm-bio-record.h
dm-bufio.c drivers: convert shrinkers to new count/scan API 2013-09-10 18:56:32 -04:00
dm-bufio.h
dm-cache-block-types.h dm: add cache target 2013-03-01 22:45:51 +00:00
dm-cache-metadata.c dm cache: replace memcpy with struct assignment 2013-05-10 14:37:18 +01:00
dm-cache-metadata.h dm cache: policy ignore hints if generated by different version 2013-03-20 17:21:28 +00:00
dm-cache-policy-cleaner.c dm cache: policy change version from string to integer set 2013-03-20 17:21:27 +00:00
dm-cache-policy-internal.h dm cache: policy change version from string to integer set 2013-03-20 17:21:27 +00:00
dm-cache-policy-mq.c dm cache: avoid conflicting remove_mapping() in mq policy 2013-08-16 15:56:51 -04:00
dm-cache-policy.c dm cache: policy change version from string to integer set 2013-03-20 17:21:27 +00:00
dm-cache-policy.h dm cache policy: fix description of lookup fn 2013-05-10 14:37:17 +01:00
dm-cache-target.c dm cache: eliminate holes in cache structure 2013-08-23 09:02:14 -04:00
dm-crypt.c dm: stop using WQ_NON_REENTRANT 2013-08-23 09:02:13 -04:00
dm-delay.c dm: rename request variables to bios 2013-03-01 22:45:47 +00:00
dm-exception-store.c dm: replace simple_strtoul 2012-07-27 15:07:59 +01:00
dm-exception-store.h
dm-flakey.c dm flakey: correct ctr alloc failure mesg 2013-07-10 23:41:17 +01:00
dm-io.c dm: add reserved_bio_based_ios module parameter 2013-09-23 10:42:24 -04:00
dm-ioctl.c dm: add statistics support 2013-09-05 20:46:06 -04:00
dm-kcopyd.c dm: stop using WQ_NON_REENTRANT 2013-08-23 09:02:13 -04:00
dm-linear.c dm: rename request variables to bios 2013-03-01 22:45:47 +00:00
dm-log-userspace-base.c
dm-log-userspace-transfer.c connector/userns: replace netlink uses of cap_raised() with capable() 2012-05-10 23:21:39 -04:00
dm-log-userspace-transfer.h
dm-log.c dm: use memweight() 2012-07-30 17:25:16 -07:00
dm-mpath.c dm: add reserved_rq_based_ios module parameter 2013-09-23 10:42:24 -04:00
dm-mpath.h
dm-path-selector.c
dm-path-selector.h
dm-queue-length.c
dm-raid1.c dm: stop using WQ_NON_REENTRANT 2013-08-23 09:02:13 -04:00
dm-raid.c MD: Remember the last sync operation that was performed 2013-06-26 12:38:24 +10:00
dm-region-hash.c dm raid1: fix crash with mirror recovery and discard 2012-07-20 14:25:03 +01:00
dm-round-robin.c
dm-service-time.c
dm-snap-persistent.c dm snapshot: fix data corruption 2013-10-16 03:17:47 +01:00
dm-snap-transient.c
dm-snap.c dm-snapshot: fix performance degradation due to small hash size 2013-09-20 10:36:34 -04:00
dm-stats.c dm stats: fix possible counter corruption on 32-bit systems 2013-09-18 14:41:06 -04:00
dm-stats.h dm: add statistics support 2013-09-05 20:46:06 -04:00
dm-stripe.c dm stripe: silence a couple sparse warnings 2013-09-06 11:36:01 -04:00
dm-switch.c dm: add switch target 2013-07-10 23:41:19 +01:00
dm-sysfs.c
dm-table.c dm ioctl: increase granularity of type_lock when loading table 2013-09-05 20:46:06 -04:00
dm-target.c dm: allow error target to replace bio-based and request-based targets 2013-09-05 20:46:05 -04:00
dm-thin-metadata.c dm thin: generate event when metadata threshold passed 2013-05-10 14:37:21 +01:00
dm-thin-metadata.h dm thin: generate event when metadata threshold passed 2013-05-10 14:37:21 +01:00
dm-thin.c dm thin: do not expose non-zero discard limits if discards disabled 2013-09-23 10:42:06 -04:00
dm-uevent.c
dm-uevent.h
dm-verity.c dm verity: use __ffs and __fls 2013-07-10 23:41:17 +01:00
dm-zero.c dm: rename request variables to bios 2013-03-01 22:45:47 +00:00
dm.c dm: add reserved_bio_based_ios module parameter 2013-09-23 10:42:24 -04:00
dm.h dm: add reserved_bio_based_ios module parameter 2013-09-23 10:42:24 -04:00
faulty.c block: Add bio_end_sector() 2013-03-23 14:15:29 -07:00
Kconfig dm: add switch target 2013-07-10 23:41:19 +01:00
linear.c block: Add bio_end_sector() 2013-03-23 14:15:29 -07:00
linear.h
Makefile dm: add statistics support 2013-09-05 20:46:06 -04:00
md.c md: Convert use of typedef ctl_table to struct ctl_table 2013-11-19 15:19:18 +11:00
md.h sysfs: clean up sysfs_get_dirent() 2013-09-26 15:33:18 -07:00
multipath.c MD: change the parameter of md thread 2012-10-11 13:34:00 +11:00
multipath.h
raid0.c md: fix buglet in RAID5 -> RAID0 conversion. 2013-06-26 12:38:19 +10:00
raid0.h
raid1.c raid1: Rewrite the implementation of iobarrier. 2013-11-19 15:19:18 +11:00
raid1.h raid1: Rewrite the implementation of iobarrier. 2013-11-19 15:19:18 +11:00
raid5.c md/raid5: Before freeing old multi-thread worker, it should flush them. 2013-11-19 15:19:18 +11:00
raid5.h raid5: relieve lock contention in get_active_stripe() 2013-11-19 15:18:22 +11:00
raid10.c md: use MD_RECOVERY_INTR instead of kthread_should_stop in resync thread. 2013-11-19 15:19:17 +11:00
raid10.h MD RAID10: Improve redundancy for 'far' and 'offset' algorithms (part 1) 2013-02-26 11:55:30 +11:00