scst_copy_mgr: Fix scst_cm_desig_list list corruption #100
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Introduce the helper function scst_cm_get_free_lun(), which purpose is to return the next free copy manager LUN. This patch doesn't change any functionality.
lnocturno
force-pushed
the
3.7/gleb/fix-cm_desig_list-corruption
branch
from
89b4a53
to
225a062
Compare
This patch should fix the following bug: list_del corruption. next->prev should be ffff955cb1ea2540, but was ffff955c54a32440 ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:54! invalid opcode: 0000 [#1] SMP PTI Workqueue: events vdev_inq_changed_fn [scst_vdisk] RIP: 0010:__list_del_entry_valid.cold+0x1d/0x47 Call Trace: scst_cm_dev_unregister+0x66/0xd0 [scst] scst_cm_update_dev+0x41/0xc0 [scst] process_one_work+0x1ee/0x390 worker_thread+0x53/0x3e0 kthread+0x124/0x150 ret_from_fork+0x1f/0x30 scst_cm_desig_list is a global list for all SCST devices. It must be protected with scst_cm_mutex because it can be modified by scst_cm_init_inq_finish() from another thread when scst_cm_update_dev() is called. Fixes: #99
Introduce the helper function scst_cm_dev_free_designators(), which purpose is to free copy manager designators for scst dev. This patch doesn't change any functionality.
lnocturno
force-pushed
the
3.7/gleb/fix-cm_desig_list-corruption
branch
3 times, most recently
from
b46f53a
to
f67325c
Compare
The SCST device may receive several events almost simultaneously to update its designators. Each such event calls scst_cm_update_dev(), which frees all device designators in the global list and then submits a inquiry that fills a new designators into the scst_cm_desig_list list. This is racy because submiting the inquiry is asynchronous and can be finished in another thread. scst_cm_update_dev() 1 scst_cm_update_dev() 2 ---------------------- ---------------------- [1] mutex_lock(&scst_mutex) [2] scst_cm_send_init_inquiry(dev, lun, NULL) [3] mutex_unlock(&scst_mutex) [4] mutex_lock(&scst_mutex) [5] scst_cm_dev_free_designators(dev) [6] scst_cm_init_inq_finish() [7] scst_cm_send_init_inquiry(dev, lun, NULL) [8] mutex_unlock(&scst_mutex) As a result we may get the scst_cm_desig_list list, which contains SCST device designators from several inquiries. Hence serialize scst_cm_desig_list list updates.
lnocturno
force-pushed
the
3.7/gleb/fix-cm_desig_list-corruption
branch
from
f67325c
to
bba854d
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes: #99