diff options
| author | Junichi Nomura <j-nomura@ce.jp.nec.com> | 2015-11-17 10:36:56 +0100 |
|---|---|---|
| committer | Mike Snitzer <snitzer@redhat.com> | 2015-11-17 20:19:00 +0100 |
| commit | 43e43c9ea60a7a1831ec823773e924d2dadefd44 (patch) | |
| tree | ad17d6501aab2fc131ce103b8310941bf18c7b36 /drivers/md/dm-cache-policy-internal.h | |
| parent | dm: do not reuse dm_blk_ioctl block_device input as local variable (diff) | |
| download | linux-43e43c9ea60a7a1831ec823773e924d2dadefd44.tar.xz linux-43e43c9ea60a7a1831ec823773e924d2dadefd44.zip | |
dm mpath: fix infinite recursion in ioctl when no paths and !queue_if_no_path
In multipath_prepare_ioctl(),
- pgpath is a path selected from available paths
- m->queue_io is true if we cannot send a request immediately to
paths, either because:
* there is no available path
* the path group needs activation (pg_init)
- pg_init is not started
- pg_init is still running
- m->queue_if_no_path is true if the device is configured to queue
I/O if there are no available paths
If !pgpath && !m->queue_if_no_path, the handler should return -EIO.
However in the course of refactoring the condition check has broken
and returns success in that case. Since bdev points to the dm device
itself, dm_blk_ioctl() calls __blk_dev_driver_ioctl() for itself and
recurses until crash.
You could reproduce the problem like this:
# dmsetup create mp --table '0 1024 multipath 0 0 0 0'
# sg_inq /dev/mapper/mp
<crash>
[ 172.648615] BUG: unable to handle kernel paging request at fffffffc81b10268
[ 172.662843] PGD 19dd067 PUD 0
[ 172.666269] Thread overran stack, or stack corrupted
[ 172.671808] Oops: 0000 [#1] SMP
...
Fix the condition check with some clarifications.
Fixes: e56f81e0b01e ("dm: refactor ioctl handling")
Signed-off-by: Jun'ichi Nomura <j-nomura@ce.jp.nec.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Diffstat (limited to 'drivers/md/dm-cache-policy-internal.h')
0 files changed, 0 insertions, 0 deletions