From: Greg Kroah-Hartman Date: Tue, 3 Nov 2020 11:14:28 +0000 (+0100) Subject: 4.4-stable patches X-Git-Tag: v4.14.204~46 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=feb435f93e70def48bbde30a54d226944a4ba2b1;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: md-raid5-fix-oops-during-stripe-resizing.patch --- diff --git a/queue-4.4/md-raid5-fix-oops-during-stripe-resizing.patch b/queue-4.4/md-raid5-fix-oops-during-stripe-resizing.patch new file mode 100644 index 00000000000..d1e98b7a4b9 --- /dev/null +++ b/queue-4.4/md-raid5-fix-oops-during-stripe-resizing.patch @@ -0,0 +1,75 @@ +From b44c018cdf748b96b676ba09fdbc5b34fc443ada Mon Sep 17 00:00:00 2001 +From: Song Liu +Date: Mon, 5 Oct 2020 09:35:21 -0700 +Subject: md/raid5: fix oops during stripe resizing + +From: Song Liu + +commit b44c018cdf748b96b676ba09fdbc5b34fc443ada upstream. + +KoWei reported crash during raid5 reshape: + +[ 1032.252932] Oops: 0002 [#1] SMP PTI +[...] +[ 1032.252943] RIP: 0010:memcpy_erms+0x6/0x10 +[...] +[ 1032.252947] RSP: 0018:ffffba1ac0c03b78 EFLAGS: 00010286 +[ 1032.252949] RAX: 0000784ac0000000 RBX: ffff91bec3d09740 RCX: 0000000000001000 +[ 1032.252951] RDX: 0000000000001000 RSI: ffff91be6781c000 RDI: 0000784ac0000000 +[ 1032.252953] RBP: ffffba1ac0c03bd8 R08: 0000000000001000 R09: ffffba1ac0c03bf8 +[ 1032.252954] R10: 0000000000000000 R11: 0000000000000000 R12: ffffba1ac0c03bf8 +[ 1032.252955] R13: 0000000000001000 R14: 0000000000000000 R15: 0000000000000000 +[ 1032.252958] FS: 0000000000000000(0000) GS:ffff91becf500000(0000) knlGS:0000000000000000 +[ 1032.252959] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 1032.252961] CR2: 0000784ac0000000 CR3: 000000031780a002 CR4: 00000000001606e0 +[ 1032.252962] Call Trace: +[ 1032.252969] ? async_memcpy+0x179/0x1000 [async_memcpy] +[ 1032.252977] ? raid5_release_stripe+0x8e/0x110 [raid456] +[ 1032.252982] handle_stripe_expansion+0x15a/0x1f0 [raid456] +[ 1032.252988] handle_stripe+0x592/0x1270 [raid456] +[ 1032.252993] handle_active_stripes.isra.0+0x3cb/0x5a0 [raid456] +[ 1032.252999] raid5d+0x35c/0x550 [raid456] +[ 1032.253002] ? schedule+0x42/0xb0 +[ 1032.253006] ? schedule_timeout+0x10e/0x160 +[ 1032.253011] md_thread+0x97/0x160 +[ 1032.253015] ? wait_woken+0x80/0x80 +[ 1032.253019] kthread+0x104/0x140 +[ 1032.253022] ? md_start_sync+0x60/0x60 +[ 1032.253024] ? kthread_park+0x90/0x90 +[ 1032.253027] ret_from_fork+0x35/0x40 + +This is because cache_size_mutex was unlocked too early in resize_stripes, +which races with grow_one_stripe() that grow_one_stripe() allocates a +stripe with wrong pool_size. + +Fix this issue by unlocking cache_size_mutex after updating pool_size. + +Cc: # v4.4+ +Reported-by: KoWei Sung +Signed-off-by: Song Liu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/raid5.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/md/raid5.c ++++ b/drivers/md/raid5.c +@@ -2238,8 +2238,6 @@ static int resize_stripes(struct r5conf + } else + err = -ENOMEM; + +- mutex_unlock(&conf->cache_size_mutex); +- + conf->slab_cache = sc; + conf->active_name = 1-conf->active_name; + +@@ -2262,6 +2260,8 @@ static int resize_stripes(struct r5conf + + if (!err) + conf->pool_size = newsize; ++ mutex_unlock(&conf->cache_size_mutex); ++ + return err; + } + diff --git a/queue-4.4/series b/queue-4.4/series index fbbc0c29200..d771c3dfe6d 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -32,3 +32,4 @@ gfs2-add-validation-checks-for-size-of-superblock.patch memory-emif-remove-bogus-debugfs-error-handling.patch arm-dts-s5pv210-move-pmu-node-out-of-clock-controlle.patch arm-dts-s5pv210-remove-dedicated-audio-subsystem-nod.patch +md-raid5-fix-oops-during-stripe-resizing.patch