Re: [PATCH] block: fix intermittent dm timeout based oops
From: Christof Schmitt
Date: Fri Apr 03 2009 - 10:33:35 EST
On Tue, Mar 24, 2009 at 08:17:30AM +0100, Hannes Reinecke wrote:
> Very rarely under stress testing of dm, oopses are occuring as
> something tampers with an old stack frame. This has been traced back
> to blk_abort_queue() leaving a timeout_list pointing to the stack.
> The reason is that sometimes blk_abort_request() won't delete the
> timer (if the request is marked as complete but before the timer has
> been removed, a small race window). Fix this by splicing back from
> the ususally empty list to the q->timeout_list.
>
> Signed-off-by: Hannes Reinecke <hare@xxxxxxx>
> ---
> block/blk-timeout.c | 6 ++++++
> 1 files changed, 6 insertions(+), 0 deletions(-)
>
> diff --git a/block/blk-timeout.c b/block/blk-timeout.c
> index bbbdc4b..6213123 100644
> --- a/block/blk-timeout.c
> +++ b/block/blk-timeout.c
> @@ -224,6 +224,12 @@ void blk_abort_queue(struct request_queue *q)
> list_for_each_entry_safe(rq, tmp, &list, timeout_list)
> blk_abort_request(rq);
>
> + /*
> + * Occasionally, blk_abort_request() will return without
> + * deleting the element from the list
> + */
> + list_splice(&list, &q->timeout_list);
> +
> spin_unlock_irqrestore(q->queue_lock, flags);
>
> }
> --
> 1.5.3.2
I just noticed that this fix is not upstream yet and i have seen test
cases hitting this problem.
Jens, are you going to included this patch, or should this go through
the SCSI tree?
--
Christof Schmitt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/