[PATCH 4.14 35/61] md: dont call bitmap_create() while array is quiesced.

From: Greg Kroah-Hartman
Date: Fri Jul 06 2018 - 01:51:26 EST


4.14-stable review patch. If anyone has any objections, please let me know.

------------------

From: NeilBrown <neilb@xxxxxxxx>

commit 52a0d49de3d592a3118e13f35985e3d99eaf43df upstream.

bitmap_create() allocates memory with GFP_KERNEL and
so can wait for IO.
If called while the array is quiesced, it could wait indefinitely
for write out to the array - deadlock.
So call bitmap_create() before quiescing the array.

Signed-off-by: NeilBrown <neilb@xxxxxxxx>
Signed-off-by: Shaohua Li <shli@xxxxxx>
Signed-off-by: Jack Wang <jinpu.wang@xxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/md/md.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)

--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -6645,22 +6645,26 @@ static int set_bitmap_file(struct mddev
return -ENOENT; /* cannot remove what isn't there */
err = 0;
if (mddev->pers) {
- mddev->pers->quiesce(mddev, 1);
if (fd >= 0) {
struct bitmap *bitmap;

bitmap = bitmap_create(mddev, -1);
+ mddev->pers->quiesce(mddev, 1);
if (!IS_ERR(bitmap)) {
mddev->bitmap = bitmap;
err = bitmap_load(mddev);
} else
err = PTR_ERR(bitmap);
- }
- if (fd < 0 || err) {
+ if (err) {
+ bitmap_destroy(mddev);
+ fd = -1;
+ }
+ mddev->pers->quiesce(mddev, 0);
+ } else if (fd < 0) {
+ mddev->pers->quiesce(mddev, 1);
bitmap_destroy(mddev);
- fd = -1; /* make sure to put the file */
+ mddev->pers->quiesce(mddev, 0);
}
- mddev->pers->quiesce(mddev, 0);
}
if (fd < 0) {
struct file *f = mddev->bitmap_info.file;
@@ -6944,8 +6948,8 @@ static int update_array_info(struct mdde
mddev->bitmap_info.default_offset;
mddev->bitmap_info.space =
mddev->bitmap_info.default_space;
- mddev->pers->quiesce(mddev, 1);
bitmap = bitmap_create(mddev, -1);
+ mddev->pers->quiesce(mddev, 1);
if (!IS_ERR(bitmap)) {
mddev->bitmap = bitmap;
rv = bitmap_load(mddev);