[PATCH] dm free minor after unlink gendisk
From: Jun'ichi Nomura
Date: Fri Feb 24 2006 - 12:23:57 EST
Hello,
free_dev() releases minor number before unregistering gendisk.
It creates a window where two registered gendisk with same number
exist, which will cause problem.
Typically, if you run the following script,
you will hit WARN_ON() in kref_get().
#!/bin/sh
(while dmsetup create a --notable; do dmsetup remove a; done) &
(while dmsetup create b --notable; do dmsetup remove b; done) &
Attached patch fixes this problem.
--
Jun'ichi Nomura, NEC Solutions (America), Inc.
minor number should be freed after del_gendisk().
Otherwise, there could be a window where 2 registered gendisk
has same minor number.
Signed-off-by: Jun'ichi Nomura <j-nomura@xxxxxxxxxxxxx>
--- linux-2.6.15.orig/drivers/md/dm.c 2006-02-24 11:05:05.000000000 -0500
+++ linux-2.6.15/drivers/md/dm.c 2006-02-24 11:17:54.000000000 -0500
@@ -812,14 +812,16 @@ static struct mapped_device *alloc_dev(u
static void free_dev(struct mapped_device *md)
{
+ unsigned int minor = md->disk->first_minor;
+
if (md->suspended_bdev) {
thaw_bdev(md->suspended_bdev, NULL);
bdput(md->suspended_bdev);
}
- free_minor(md->disk->first_minor);
mempool_destroy(md->tio_pool);
mempool_destroy(md->io_pool);
del_gendisk(md->disk);
+ free_minor(minor);
put_disk(md->disk);
blk_put_queue(md->queue);
kfree(md);