[dm-devel] [patch] dm-raid1.c fix a race bug in __rh_alloc()

Jun'ichi Nomura j-nomura at ce.jp.nec.com
Tue Jun 28 13:46:08 UTC 2005


Hi,

Jonathan E Brassow wrote:
> I believe this also fixes Jun'ichi's issue ([dm-devel] [PATCH]
> 2.6.12-rc6: fix __rh_alloc()/rh_update_states() race in dm-raid1.c)

Unfortunately, it doesn't eliminate the possibility of the region
being freed during lock conversion (though the possibility becomes
very very low) and also it will cause other problems.

I modified his patch with the fixes below
   - spin_lock should be spin_lock_irq to avoid deadlock,
   - needs to check pending count to avoid moving dirty region to clean list,
and added retry code.

This one should work. How about this?

However, I think we need to find a smarter fix that does not depend on retry.

Thanks,

Jonathan E Brassow wrote:
> I believe this also fixes Jun'ichi's issue ([dm-devel] [PATCH]
> 2.6.12-rc6: fix __rh_alloc()/rh_update_states() race in dm-raid1.c)
>
> brassow
>
> On Jun 16, 2005, at 9:21 PM, Zhao Qian wrote:
> 
>     after write_unlock_irq and just before read_lock, there's a small
>     window which enables a race causing deletion of the region struct in
>     function rh_update_states(). then in rh_dec(), the __rh_lookup()
>     will return null, causing kernel panic.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dm.patch
Type: text/x-patch
Size: 1054 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/dm-devel/attachments/20050628/f5e94f8b/attachment.bin>
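
The window between write unlock and read lock described in the quoted report, and the retry approach mentioned in the message above, shown as an added single-threaded C model; it is not the attached dm.patch and not dm-raid1.c code. The structs, `reap_once`, `lookup` and `rh_alloc_retry` are hypothetical names, the lock is modelled as a state variable, and the competing reaper is injected through a callback at the point where the lock is not held.

```c
#include <stdlib.h>

/* User-space model with hypothetical names; not the dm-raid1.c source. */
struct region { int key; int pending; };
enum lock_state { UNLOCKED, READ_LOCKED, WRITE_LOCKED };

struct region_hash {
    struct region *slot;                   /* one-bucket stand-in for the hash */
    enum lock_state lock;                  /* models hash_lock */
    void (*window)(struct region_hash *);  /* what another CPU does in the gap */
    int retries;
};

/* Constructed interleaving: the reaper runs once, inside the first window,
 * and frees a region that has no pending I/O. */
static void reap_once(struct region_hash *rh)
{
    rh->window = NULL;
    if (rh->lock == UNLOCKED && rh->slot && rh->slot->pending == 0) {
        free(rh->slot);
        rh->slot = NULL;
    }
}

static struct region *lookup(struct region_hash *rh, int key)
{
    return (rh->slot && rh->slot->key == key) ? rh->slot : NULL;
}

/* Model contract: entered and left with the read lock held. */
static struct region *rh_alloc_retry(struct region_hash *rh, int key)
{
    for (;;) {
        rh->lock = UNLOCKED;                       /* read_unlock */
        struct region *nreg = calloc(1, sizeof(*nreg));
        if (!nreg) { rh->lock = READ_LOCKED; return NULL; }
        nreg->key = key;
        rh->lock = WRITE_LOCKED;                   /* write_lock_irq */
        if (lookup(rh, key)) free(nreg);           /* lost the insert race */
        else rh->slot = nreg;
        rh->lock = UNLOCKED;                       /* write_unlock_irq */
        if (rh->window) rh->window(rh);            /* the race window */
        rh->lock = READ_LOCKED;                    /* read_lock */
        struct region *reg = lookup(rh, key);      /* re-check under the lock */
        if (reg) return reg;                       /* survived the window */
        rh->retries++;                             /* freed in the gap: retry */
    }
}
```

Without the re-check after the read lock is retaken, the first pass would hand back a pointer to a region the reaper has already freed.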

