• Marc Dionne's avatar
    dm thin: fix crash by initializing thin device's refcount and completion earlier · 2b94e896
    Marc Dionne authored
    Commit 80e96c54 ("dm thin: do not allow thin device activation
    while pool is suspended") delayed the initialization of a new thin
    device's refcount and completion until after this new thin was added
    to the pool's active_thins list and the pool lock is released.  This
    opens a race with a worker thread that walks the list and calls
    thin_get/put, noticing that the refcount goes to 0 and calling
    complete, freezing up the system and giving the oops below:
    
     kernel: BUG: unable to handle kernel NULL pointer dereference at           (null)
     kernel: IP: [<ffffffff810d360b>] __wake_up_common+0x2b/0x90
    
     kernel: Call Trace:
     kernel: [<ffffffff810d3683>] __wake_up_locked+0x13/0x20
     kernel: [<ffffffff810d3dc7>] complete+0x37/0x50
     kernel: [<ffffffffa0595c50>] thin_put+0x20/0x30 [dm_thin_pool]
     kernel: [<ffffffffa059aab7>] do_worker+0x667/0x870 [dm_thin_pool]
     kernel: [<ffffffff816a8a4c>] ? __schedule+0x3ac/0x9a0
     kernel: [<ffffffff810b1aef>] process_one_work+0x14f/0x400
     kernel: [<ffffffff810b206b>] worker_thread+0x6b/0x490
     kernel: [<ffffffff810b2000>] ? rescuer_thread+0x260/0x260
     kernel: [<ffffffff810b6a7b>] kthread+0xdb/0x100
     kernel: [<ffffffff810b69a0>] ? kthread_create_on_node+0x170/0x170
     kernel: [<ffffffff816ad7ec>] ret_from_fork+0x7c/0xb0
     kernel: [<ffffffff810b69a0>] ? kthread_create_on_node+0x170/0x170
    
    Set the thin device's initial refcount and initialize the completion
    before adding it to the pool's active_thins list in thin_ctr().
    Signed-off-by: default avatarMarc Dionne <marc.dionne@your-file-system.com>
    Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
    2b94e896
dm-thin.c 102 KB