iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
fadcbd2901
linux/drivers
History
Guoqing Jiang fadcbd2901 md/bitmap: avoid race window between md_bitmap_resize and bitmap_file_clear_bit 
We need to move "spin_lock_irq(&bitmap->counts.lock)" before unmap previous
storage, otherwise panic like belows could happen as follows.

[  902.353802] sdl: detected capacity change from 1077936128 to 3221225472
[  902.616948] general protection fault: 0000 [#1] SMP
[snip]
[  902.618588] CPU: 12 PID: 33698 Comm: md0_raid1 Tainted: G           O    4.14.144-1-pserver #4.14.144-1.1~deb10
[  902.618870] Hardware name: Supermicro SBA-7142G-T4/BHQGE, BIOS 3.00       10/24/2012
[  902.619120] task: ffff9ae1860fc600 task.stack: ffffb52e4c704000
[  902.619301] RIP: 0010:bitmap_file_clear_bit+0x90/0xd0 [md_mod]
[  902.619464] RSP: 0018:ffffb52e4c707d28 EFLAGS: 00010087
[  902.619626] RAX: ffe8008b0d061000 RBX: ffff9ad078c87300 RCX: 0000000000000000
[  902.619792] RDX: ffff9ad986341868 RSI: 0000000000000803 RDI: ffff9ad078c87300
[  902.619986] RBP: ffff9ad0ed7a8000 R08: 0000000000000000 R09: 0000000000000000
[  902.620154] R10: ffffb52e4c707ec0 R11: ffff9ad987d1ed44 R12: ffff9ad0ed7a8360
[  902.620320] R13: 0000000000000003 R14: 0000000000060000 R15: 0000000000000800
[  902.620487] FS:  0000000000000000(0000) GS:ffff9ad987d00000(0000) knlGS:0000000000000000
[  902.620738] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  902.620901] CR2: 000055ff12aecec0 CR3: 0000001005207000 CR4: 00000000000406e0
[  902.621068] Call Trace:
[  902.621256]  bitmap_daemon_work+0x2dd/0x360 [md_mod]
[  902.621429]  ? find_pers+0x70/0x70 [md_mod]
[  902.621597]  md_check_recovery+0x51/0x540 [md_mod]
[  902.621762]  raid1d+0x5c/0xeb0 [raid1]
[  902.621939]  ? try_to_del_timer_sync+0x4d/0x80
[  902.622102]  ? del_timer_sync+0x35/0x40
[  902.622265]  ? schedule_timeout+0x177/0x360
[  902.622453]  ? call_timer_fn+0x130/0x130
[  902.622623]  ? find_pers+0x70/0x70 [md_mod]
[  902.622794]  ? md_thread+0x94/0x150 [md_mod]
[  902.622959]  md_thread+0x94/0x150 [md_mod]
[  902.623121]  ? wait_woken+0x80/0x80
[  902.623280]  kthread+0x119/0x130
[  902.623437]  ? kthread_create_on_node+0x60/0x60
[  902.623600]  ret_from_fork+0x22/0x40
[  902.624225] RIP: bitmap_file_clear_bit+0x90/0xd0 [md_mod] RSP: ffffb52e4c707d28

Because mdadm was running on another cpu to do resize, so bitmap_resize was
called to replace bitmap as below shows.

PID: 38801  TASK: ffff9ad074a90e00  CPU: 0   COMMAND: "mdadm"
   [exception RIP: queued_spin_lock_slowpath+56]
   [snip]
-- <NMI exception stack> --
 #5 [ffffb52e60f17c58] queued_spin_lock_slowpath at ffffffff9c0b27b8
 #6 [ffffb52e60f17c58] bitmap_resize at ffffffffc0399877 [md_mod]
 #7 [ffffb52e60f17d30] raid1_resize at ffffffffc0285bf9 [raid1]
 #8 [ffffb52e60f17d50] update_size at ffffffffc038a31a [md_mod]
 #9 [ffffb52e60f17d70] md_ioctl at ffffffffc0395ca4 [md_mod]

And the procedure to keep resize bitmap safe is allocate new storage
space, then quiesce, copy bits, replace bitmap, and re-start.

However the daemon (bitmap_daemon_work) could happen even the array is
quiesced, which means when bitmap_file_clear_bit is triggered by raid1d,
then it thinks it should be fine to access store->filemap since
counts->lock is held, but resize could change the storage without the
protection of the lock.

Cc: Jack Wang <jinpu.wang@cloud.ionos.com>
Cc: NeilBrown <neilb@suse.com>
Signed-off-by: Guoqing Jiang <guoqing.jiang@cloud.ionos.com>
Signed-off-by: Song Liu <songliubraving@fb.com>
2019-10-24 15:22:40 -07:00
..
accessibility
acpi Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00
amba ARM updates for 5.4-rc1: 2019-09-22 09:39:09 -07:00
android
ata ata: libahci_platform: Add of_node_put() before loop exit 2019-09-19 12:21:44 -06:00
atm atm: he: clean up an indentation issue 2019-09-25 13:54:45 +02:00
auxdisplay It's a somewhat calmer cycle for docs this time, as the churn of the mass 2019-09-17 16:22:26 -07:00
base mm,thp: stats for file backed THP 2019-09-24 15:54:11 -07:00
bcma bcma: make arrays pwr_info_offset and sprom_sizes static const, shrinks object size 2019-09-13 16:44:49 +03:00
block null_blk: return fixed zoned reads > write pointer 2019-10-17 19:01:22 -06:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-09-15 14:17:27 +02:00
bus ARM: SoC fixes 2019-09-30 10:04:28 -07:00
cdrom
char char/random: Add a newline at the end of the file 2019-10-02 13:49:43 -07:00
clk Fixes for omaps for v5.4-rc cycle 2019-10-03 09:15:19 -07:00
clocksource timer-of: don't use conditional expression with mixed 'void' types 2019-10-02 16:16:07 -07:00
connector
counter
cpufreq Power management updates for 5.4-rc1 2019-09-17 19:15:14 -07:00
cpuidle Power management updates for 5.4-rc1 2019-09-17 19:15:14 -07:00
crypto Merge branch 'akpm' (patches from Andrew) 2019-09-24 16:10:23 -07:00
dax
dca
devfreq
dio
dma Main MIPS changes for v5.4: 2019-09-22 09:30:30 -07:00
dma-buf
edac ARM updates for 5.4-rc1: 2019-09-22 09:39:09 -07:00
eisa
extcon chrome platform changes for v5.4 2019-09-19 14:14:28 -07:00
firewire
firmware ARM: SoC fixes 2019-09-30 10:04:28 -07:00
fpga Char/Misc driver patches for 5.4-rc1 2019-09-18 11:14:31 -07:00
fsi
gnss
gpio pwm: Changes for v5.4-rc1 2019-09-27 12:19:47 -07:00
gpu - Fix DP-MST crtc_mask 2019-10-04 16:31:06 +10:00
greybus
hid - First round of vmbus hibernation support from Dexuan Cui. 2019-09-24 12:36:31 -07:00
hsi HSI changes for the 5.4 series 2019-09-22 12:02:21 -07:00
hv - First round of vmbus hibernation support from Dexuan Cui. 2019-09-24 12:36:31 -07:00
hwmon ARM SCMI fixes for v5.4 2019-09-29 11:20:41 -07:00
hwspinlock
hwtracing Char/Misc driver patches for 5.4-rc1 2019-09-18 11:14:31 -07:00
i2c i2c: slave-eeprom: Add read only mode 2019-09-28 20:44:12 +02:00
i3c
ide
idle
iio chrome platform changes for v5.4 2019-09-19 14:14:28 -07:00
infiniband Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-09-28 17:47:33 -07:00
input chrome platform changes for v5.4 2019-09-19 14:14:28 -07:00
interconnect
iommu IOMMU Fixes for Linux v5.4-rc1 2019-09-29 10:00:14 -07:00
ipack
irqchip Main MIPS changes for v5.4: 2019-09-22 09:30:30 -07:00
isdn mISDN: enforce CAP_NET_RAW for raw sockets 2019-09-24 16:37:18 +02:00
leds leds: lm3532: Fix optional led-max-microamp prop error handling 2019-09-12 20:45:52 +02:00
lightnvm lightnvm: print error when target is not found 2019-09-05 13:17:01 -06:00
macintosh
mailbox mailbox: qcom-apcs: fix max_register value 2019-09-17 00:54:29 -05:00
mcb
md md/bitmap: avoid race window between md_bitmap_resize and bitmap_file_clear_bit 2019-10-24 15:22:40 -07:00
media media/v4l2-core: untag user pointers in videobuf_dma_contig_user_get 2019-09-25 17:51:41 -07:00
memory
memstick ms_block: fix spelling mistake "randomally" -> "randomly" 2019-09-11 16:11:01 +02:00
message
mfd Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal 2019-09-29 10:24:23 -07:00
misc Merge branch 'i2c/for-5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2019-09-24 16:48:02 -07:00
mmc mmc: host: sdhci-pci: Add Genesys Logic GL975x support 2019-09-27 20:48:20 +02:00
mtd Main MIPS changes for v5.4: 2019-09-22 09:30:30 -07:00
mux
net net: qlogic: Fix memory leak in ql_alloc_large_buffers 2019-10-04 18:33:13 -07:00
nfc NFC: st95hf: clean up indentation issue 2019-09-27 20:31:18 +02:00
ntb NTB: fix IDT Kconfig typos/spellos 2019-09-23 17:20:40 -04:00
nubus
nvdimm libnvdimm fixes v5.4-rc1 2019-09-29 10:33:41 -07:00
nvme Merge branch 'nvme-5.4' of git://git.infradead.org/nvme into for-linus 2019-09-27 13:17:37 -06:00
nvmem Char/Misc driver patches for 5.4-rc1 2019-09-18 11:14:31 -07:00
of Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-09-28 17:47:33 -07:00
opp
oprofile
parisc dma-mapping updates for 5.4: 2019-09-19 13:27:23 -07:00
parport Char/Misc driver patches for 5.4-rc1 2019-09-18 11:14:31 -07:00
pci Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00
pcmcia Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00
perf
phy pci-v5.4-changes 2019-09-23 19:16:01 -07:00
pinctrl This is the bulk of pin control changes for the v5.4 kernel 2019-09-19 14:19:33 -07:00
platform platform-drivers-x86 for v5.4-2 2019-09-24 12:39:40 -07:00
pnp
power power supply and reset changes for the v5.4 series 2019-09-22 12:04:59 -07:00
powercap Power management updates for 5.4-rc1 2019-09-17 19:15:14 -07:00
pps
ps3
ptp ptp_qoriq: Initialize the registers' spinlock before calling ptp_qoriq_settime 2019-10-02 12:20:38 -04:00
pwm pwm: Changes for v5.4-rc1 2019-09-27 12:19:47 -07:00
rapidio
ras
regulator LED updates for 5.4-rc1 2019-09-17 18:40:42 -07:00
remoteproc remoteproc updates for v5.4 2019-09-22 10:55:08 -07:00
reset ARM: SoC fixes 2019-09-30 10:04:28 -07:00
rpmsg rpmsg: glink-smem: Name the edge based on parent remoteproc 2019-09-17 15:33:31 -07:00
rtc RTC for 5.4 2019-09-22 11:05:43 -07:00
s390 s390 updates for 5.4-rc2 2019-10-05 08:44:02 -07:00
sbus
scsi SCSI fixes on 20191004 2019-10-05 12:53:27 -07:00
sfi
sh
siox
slimbus
soc ARM: SoC driver updates for v5.4 2019-09-16 15:52:38 -07:00
soundwire soundwire updates for v5.4-rc1 2019-09-22 10:52:23 -07:00
spi LED updates for 5.4-rc1 2019-09-17 18:40:42 -07:00
spmi
ssb ssb: make array pwr_info_offset static const, makes object smaller 2019-09-13 17:23:18 +03:00
staging netfilter: drop bridge nf reset from nf_reset 2019-10-01 18:42:15 +02:00
target mm: introduce page_size() 2019-09-24 15:54:08 -07:00
tc
tee tee/shm: untag user pointers in tee_shm_register 2019-09-25 17:51:41 -07:00
thermal Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal 2019-09-29 10:24:23 -07:00
thunderbolt
tty Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00
uio Char/Misc driver patches for 5.4-rc1 2019-09-18 11:14:31 -07:00
usb Merge branch 'work.mount3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-09-24 12:33:34 -07:00
vfio vfio/type1: untag user pointers in vaddr_get_pfn 2019-09-25 17:51:41 -07:00
vhost Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-09-15 14:17:27 +02:00
video video/logo: do not generate unneeded logo C files 2019-10-05 15:29:49 +09:00
virt
virtio virtio_ring: fix unmap of indirect descriptors 2019-09-09 10:43:15 -04:00
visorbus
vlynq
vme
w1
watchdog linux-watchdog 5.4-rc1 tag 2019-09-27 11:17:38 -07:00
xen xen: fixes and cleanups for 5.4-rc2 2019-10-04 11:13:09 -07:00
zorro
Kconfig Staging/IIO driver patches for 5.4-rc1 2019-09-18 11:05:34 -07:00
Makefile Staging/IIO driver patches for 5.4-rc1 2019-09-18 11:05:34 -07:00