Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S937974AbdCJOZ4 (ORCPT ); Fri, 10 Mar 2017 09:25:56 -0500 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:42516 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933708AbdCJLvJ (ORCPT ); Fri, 10 Mar 2017 06:51:09 -0500 Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit MIME-Version: 1.0 From: Ben Hutchings To: linux-kernel@vger.kernel.org, stable@vger.kernel.org CC: akpm@linux-foundation.org, "Bart Van Assche" , "Mike Snitzer" Date: Fri, 10 Mar 2017 11:46:22 +0000 Message-ID: X-Mailer: LinuxStableQueue (scripts by bwh) Subject: [PATCH 3.16 033/370] dm rq: fix a race condition in rq_completed() In-Reply-To: X-SA-Exim-Connect-IP: 82.70.136.246 X-SA-Exim-Mail-From: ben@decadent.org.uk X-SA-Exim-Scanned: No (on shadbolt.decadent.org.uk); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1428 Lines: 46 3.16.42-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Bart Van Assche commit d15bb3a6467e102e60d954aadda5fb19ce6fd8ec upstream. It is required to hold the queue lock when calling blk_run_queue_async() to avoid that a race between blk_run_queue_async() and blk_cleanup_queue() is triggered. Signed-off-by: Bart Van Assche Signed-off-by: Mike Snitzer [bwh: Backported to 3.16: adjust filename] Signed-off-by: Ben Hutchings --- drivers/md/dm.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -868,6 +868,9 @@ static void end_clone_bio(struct bio *cl */ static void rq_completed(struct mapped_device *md, int rw, int run_queue) { + struct request_queue *q = md->queue; + unsigned long flags; + atomic_dec(&md->pending[rw]); /* nudge anyone waiting on suspend queue */ @@ -880,8 +883,11 @@ static void rq_completed(struct mapped_d * back into ->request_fn() could deadlock attempting to grab the * queue lock again. */ - if (run_queue) - blk_run_queue_async(md->queue); + if (run_queue) { + spin_lock_irqsave(q->queue_lock, flags); + blk_run_queue_async(q); + spin_unlock_irqrestore(q->queue_lock, flags); + } /* * dm_put() must be at the end of this function. See the comment above