This is a note to let you know that I've just added the patch titled
md: Ensure no IO request to get md device before it is properly initialised.
to the 2.6.36-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
md-ensure-no-io-request-to-get-md-device-before-it-is-properly-initialised.patch
and it can be found in the queue-2.6.36 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From 0ca69886a8273ac1350143d562280bfcbe4760dc Mon Sep 17 00:00:00 2001
From: NeilBrown <[email protected]>
Date: Fri, 14 Jan 2011 09:14:33 +1100
Subject: md: Ensure no IO request to get md device before it is properly
initialised.
From: NeilBrown <[email protected]>
commit 0ca69886a8273ac1350143d562280bfcbe4760dc upstream.
When an md device is in the process of coming on line it is possible
for an IO request (typically a partition table probe) to get through
before the array is fully initialised, which can cause unexpected
behaviour (e.g. a crash).
So explicitly record when the array is ready for IO and don't allow IO
through until then.
There is no possibility for a similar problem when the array is going
off-line as there must only be one 'open' at that time, and it is busy
off-lining the array and so cannot send IO requests. So no memory
barrier is needed in md_stop()
This has been a bug since commit 409c57f3801 in 2.6.30 which
introduced md_make_request. Before then, each personality would
register its own make_request_fn when it was ready.
This is suitable for any stable kernel from 2.6.30.y onwards.
Signed-off-by: NeilBrown <[email protected]>
Reported-by: "Hawrylewicz Czarnowski, Przemyslaw"
<[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/md/md.c | 8 ++++++--
drivers/md/md.h | 3 ++-
2 files changed, 8 insertions(+), 3 deletions(-)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -221,10 +221,12 @@ static int md_make_request(struct reques
int rv;
int cpu;
- if (mddev == NULL || mddev->pers == NULL) {
+ if (mddev == NULL || mddev->pers == NULL
+ || !mddev->ready) {
bio_io_error(bio);
return 0;
}
+ smp_rmb(); /* Ensure implications of 'active' are visible */
rcu_read_lock();
if (mddev->suspended || mddev->barrier) {
DEFINE_WAIT(__wait);
@@ -4554,7 +4556,8 @@ int md_run(mddev_t *mddev)
mddev->safemode_timer.data = (unsigned long) mddev;
mddev->safemode_delay = (200 * HZ)/1000 +1; /* 200 msec delay */
mddev->in_sync = 1;
-
+ smp_wmb();
+ mddev->ready = 1;
list_for_each_entry(rdev, &mddev->disks, same_set)
if (rdev->raid_disk >= 0) {
char nm[20];
@@ -4716,6 +4719,7 @@ EXPORT_SYMBOL_GPL(md_stop_writes);
void md_stop(mddev_t *mddev)
{
+ mddev->ready = 0;
mddev->pers->stop(mddev);
if (mddev->pers->sync_request && mddev->to_remove == NULL)
mddev->to_remove = &md_redundancy_group;
--- a/drivers/md/md.h
+++ b/drivers/md/md.h
@@ -149,7 +149,8 @@ struct mddev_s
* are happening, so run/
* takeover/stop are not
safe
*/
-
+ int ready; /* See when safe to pass
+ * IO requests down */
struct gendisk *gendisk;
struct kobject kobj;
Patches currently in stable-queue which might be from [email protected] are
queue-2.6.36/md-fix-removal-of-extra-drives-when-converting-raid6-to-raid5.patch
queue-2.6.36/md-fix-regression-resulting-in-delays-in-clearing-bits-in-a-bitmap.patch
queue-2.6.36/md_make_request-don-t-touch-the-bio-after-calling-make_request.patch
queue-2.6.36/md-fix-regression-with-re-adding-devices-to-arrays-with-no-metadata.patch
queue-2.6.36/md-ensure-no-io-request-to-get-md-device-before-it-is-properly-initialised.patch
_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable
