[dm-devel] [PATCH] dm verity: skip verity work on I/O errors when system is shutting down

[Hyeongseok Kim]

If emergency system shutdown is called, like by thermal shutdown,
dm device could be alive when the block device couldn't process
I/O requests anymore. In this status, the handling of I/O errors
by new dm I/O requests or by those already in-flight can lead to
a verity corruption state, which is misjudgment.
So, skip verity work for I/O error when system is shutting down.

Signed-off-by: Hyeongseok Kim <hyeongseok at gmail.com>
---
 drivers/md/dm-verity-target.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
index f74982dcbea0..ba62c537798b 100644
--- a/drivers/md/dm-verity-target.c
+++ b/drivers/md/dm-verity-target.c
@@ -64,6 +64,15 @@ struct buffer_aux {
 	int hash_verified;
 };
 
+/*
+ * While system shutdown, skip verity work for I/O error.
+ */
+static inline bool verity_is_system_shutting_down(void)
+{
+	return system_state == SYSTEM_HALT || system_state == SYSTEM_POWER_OFF
+		|| system_state == SYSTEM_RESTART;
+}
+
 /*
  * Initialize struct buffer_aux for a freshly created buffer.
  */
@@ -564,7 +573,8 @@ static void verity_end_io(struct bio *bio)
 {
 	struct dm_verity_io *io = bio->bi_private;
 
-	if (bio->bi_status && !verity_fec_is_enabled(io->v)) {
+	if (bio->bi_status &&
+		(!verity_fec_is_enabled(io->v) || verity_is_system_shutting_down())) {
 		verity_finish_io(io, bio->bi_status);
 		return;
 	}
-- 
2.27.0.83.g0313f36