drivers/md/dm-raid1.c · 844e8d904a7c1446e3f040683b4a0645c3eb168f · Kirill Smelkov / linux

[PATCH] dm: fix rh_dec()/rh_inc() race in dm-raid1.c · 844e8d90

Jun'ichi Nomura authored Sep 09, 2005

Fix another bug in dm-raid1.c that the dirty region may stay in or be moved
to clean list and freed while in use.

It happens as follows:

   CPU0                                   CPU1
   ------------------------------------------------------------------------------
   rh_dec()
     if (atomic_dec_and_test(pending))
        <the region is still marked dirty>
                                          rh_inc()
                                            if the region is clean
                                               mark the region dirty
                                               and remove from clean list
        mark the region clean
        and move to clean list
                                                  atomic_inc(pending)

At this stage, the region is in clean list and will be mistakenly reclaimed
by rh_update_states() later.
Signed-off-by: Jun'ichi Nomura <j-nomura@ce.jp.nec.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

844e8d90

dm-raid1.c 28.4 KB

Replace dm-raid1.c