[PATCH AUTOSEL 4.4 07/18] RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0

From: Sasha Levin
Date: Mon Sep 24 2018 - 10:51:33 EST

Next message: Sasha Levin: "[PATCH AUTOSEL 4.4 14/18] mac80211: fix a race between restart and CSA flows"
Previous message: Sasha Levin: "[PATCH AUTOSEL 4.4 06/18] cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE"
In reply to: Sasha Levin: "[PATCH AUTOSEL 4.4 06/18] cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE"
Next in thread: Sasha Levin: "[PATCH AUTOSEL 4.4 14/18] mac80211: fix a race between restart and CSA flows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Xiao Ni <xni@xxxxxxxxxx>

[ Upstream commit 1d0ffd264204eba1861865560f1f7f7a92919384 ]

In raid10 reshape_request it gets max_sectors in read_balance. If the underlayer disks
have bad blocks, the max_sectors is less than last. It will call goto read_more many
times. It calls raise_barrier(conf, sectors_done != 0) every time. In this condition
sectors_done is not 0. So the value passed to the argument force of raise_barrier is
true.

In raise_barrier it checks conf->barrier when force is true. If force is true and
conf->barrier is 0, it panic. In this case reshape_request submits bio to under layer
disks. And in the callback function of the bio it calls lower_barrier. If the bio
finishes before calling raise_barrier again, it can trigger the BUG_ON.

Add one pair of raise_barrier/lower_barrier to fix this bug.

Signed-off-by: Xiao Ni <xni@xxxxxxxxxx>
Suggested-by: Neil Brown <neilb@xxxxxxxx>
Signed-off-by: Shaohua Li <shli@xxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxxxx>
---
drivers/md/raid10.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index 8a731bdd268e..89111d455b71 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -4336,11 +4336,12 @@ static sector_t reshape_request(struct mddev *mddev, sector_t sector_nr,
allow_barrier(conf);
}

+ raise_barrier(conf, 0);
read_more:
/* Now schedule reads for blocks from sector_nr to last */
r10_bio = mempool_alloc(conf->r10buf_pool, GFP_NOIO);
r10_bio->state = 0;
- raise_barrier(conf, sectors_done != 0);
+ raise_barrier(conf, 1);
atomic_set(&r10_bio->remaining, 0);
r10_bio->mddev = mddev;
r10_bio->sector = sector_nr;
@@ -4445,6 +4446,8 @@ static sector_t reshape_request(struct mddev *mddev, sector_t sector_nr,
if (sector_nr <= last)
goto read_more;

+ lower_barrier(conf);
+
/* Now that we have done the whole section we can
* update reshape_progress
*/
--
2.17.1

Next message: Sasha Levin: "[PATCH AUTOSEL 4.4 14/18] mac80211: fix a race between restart and CSA flows"
Previous message: Sasha Levin: "[PATCH AUTOSEL 4.4 06/18] cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE"
In reply to: Sasha Levin: "[PATCH AUTOSEL 4.4 06/18] cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE"
Next in thread: Sasha Levin: "[PATCH AUTOSEL 4.4 14/18] mac80211: fix a race between restart and CSA flows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]