• Milan Broz's avatar
    dm crypt: wait for endio to complete before destruction · b35f8caa
    Milan Broz authored
    The following oops has been reported when dm-crypt runs over a loop device.
    
    ...
    [   70.381058] Process loop0 (pid: 4268, ti=cf3b2000 task=cf1cc1f0 task.ti=cf3b2000)
    ...
    [   70.381058] Call Trace:
    [   70.381058]  [<d0d76601>] ? crypt_dec_pending+0x5e/0x62 [dm_crypt]
    [   70.381058]  [<d0d767b8>] ? crypt_endio+0xa2/0xaa [dm_crypt]
    [   70.381058]  [<d0d76716>] ? crypt_endio+0x0/0xaa [dm_crypt]
    [   70.381058]  [<c01a2f24>] ? bio_endio+0x2b/0x2e
    [   70.381058]  [<d0806530>] ? dec_pending+0x224/0x23b [dm_mod]
    [   70.381058]  [<d08066e4>] ? clone_endio+0x79/0xa4 [dm_mod]
    [   70.381058]  [<d080666b>] ? clone_endio+0x0/0xa4 [dm_mod]
    [   70.381058]  [<c01a2f24>] ? bio_endio+0x2b/0x2e
    [   70.381058]  [<c02bad86>] ? loop_thread+0x380/0x3b7
    [   70.381058]  [<c02ba8a1>] ? do_lo_send_aops+0x0/0x165
    [   70.381058]  [<c013754f>] ? autoremove_wake_function+0x0/0x33
    [   70.381058]  [<c02baa06>] ? loop_thread+0x0/0x3b7
    
    When a table is being replaced, it waits for I/O to complete
    before destroying the mempool, but the endio function doesn't
    call mempool_free() until after completing the bio.
    
    Fix it by swapping the order of those two operations.
    
    The same problem occurs in dm.c with md referenced after dec_pending.
    Again, we swap the order.
    
    Cc: stable@kernel.org
    Signed-off-by: default avatarMilan Broz <mbroz@redhat.com>
    Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
    b35f8caa
dm.c 35.5 KB