git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Mikulas Patocka <mpatocka@redhat.com>
	Wed, 29 Nov 2023 18:38:43 +0000 (13:38 -0500)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 3 Dec 2023 06:32:11 +0000 (07:32 +0100)
commit	4241b51f3ef8b6f567c696640cbe4fbdfc0898fd
tree	0cef6571a1548f83fa78dad84e3233c9ea870dd2	tree
parent	c4d39575107984e5e68674fde8de7f8a858ebe80	commit \| diff

dm-delay: fix a race between delay_presuspend and delay_bio

[ Upstream commit 6fc45b6ed921dc00dfb264dc08c7d67ee63d2656 ]

In delay_presuspend, we set the atomic variable may_delay and then stop
the timer and flush pending bios. The intention here is to prevent the
delay target from re-arming the timer again.

However, this test is racy. Suppose that one thread goes to delay_bio,
sees that dc->may_delay is one and proceeds; now, another thread executes
delay_presuspend, it sets dc->may_delay to zero, deletes the timer and
flushes pending bios. Then, the first thread continues and adds the bio to
delayed->list despite the fact that dc->may_delay is false.

Fix this bug by changing may_delay's type from atomic_t to bool and
only access it while holding the delayed_bios_lock mutex. Note that we
don't have to grab the mutex in delay_resume because there are no bios
in flight at this point.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>