On Fri, Sep 3, 2021 at 10:02 AM Dinghao Liu <dinghao.liu@xxxxxxxxxx> wrote:
mddev_unlock() is called on all paths after we call mddev_lock_nointr(),
except for three error handling paths, which may cause a deadlock. This
bug is suggested by a static analysis tool, please advise.
Hi,
correct, those unlock calls are missing.
As we are bailing out after md_run() with lock held,
we can clean the lot of error paths underneath up by jumping to before
md_stop() and add the mddev_unlock upfront it like:
md_stop() and add the mddev_unlock upfront it like:
From 5c72f1d07195127f5fd49bccbe0705854463c199 Mon Sep 17 00:00:00 2001
Message-Id: <5c72f1d07195127f5fd49bccbe0705854463c199.1630675612.git.heinzm@xxxxxxxxxx>
From: Heinz Mauelshagen <heinzm@xxxxxxxxxx>
Date: Fri, 3 Sep 2021 15:26:50 +0200
Subject: [PATCH] dm raid: fix mddev unlocking in raid_ctr() error paths
Signed-off-by: Heinz Mauelshagen <heinzm@xxxxxxxxxx>
---
drivers/md/dm-raid.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c
index d9ef52159a22..741bab00e922 100644
--- a/drivers/md/dm-raid.c
+++ b/drivers/md/dm-raid.c
@@ -3249,14 +3249,12 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv)
rs->md.in_sync = 0; /* Assume already marked dirty */
if (r) {
ti->error = "Failed to run raid array";
- mddev_unlock(&rs->md);
- goto bad;
+ goto bad_unlock;
}
r = md_start(&rs->md);
if (r) {
ti->error = "Failed to start raid array";
- mddev_unlock(&rs->md);
goto bad_md_start;
}
@@ -3265,7 +3263,6 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv)
r = r5c_journal_mode_set(&rs->md, rs->journal_dev.mode);
if (r) {
ti->error = "Failed to set raid4/5/6 journal mode";
- mddev_unlock(&rs->md);
goto bad_journal_mode_set;
}
}
@@ -3304,10 +3301,12 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv)
mddev_unlock(&rs->md);
return 0;
+bad_unlock:
bad_md_start:
bad_journal_mode_set:
bad_stripe_cache:
bad_check_reshape:
+ mddev_unlock(&rs->md);
md_stop(&rs->md);
bad:
raid_set_free(rs);
--
2.31.1
Message-Id: <5c72f1d07195127f5fd49bccbe0705854463c199.1630675612.git.heinzm@xxxxxxxxxx>
From: Heinz Mauelshagen <heinzm@xxxxxxxxxx>
Date: Fri, 3 Sep 2021 15:26:50 +0200
Subject: [PATCH] dm raid: fix mddev unlocking in raid_ctr() error paths
Signed-off-by: Heinz Mauelshagen <heinzm@xxxxxxxxxx>
---
drivers/md/dm-raid.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c
index d9ef52159a22..741bab00e922 100644
--- a/drivers/md/dm-raid.c
+++ b/drivers/md/dm-raid.c
@@ -3249,14 +3249,12 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv)
rs->md.in_sync = 0; /* Assume already marked dirty */
if (r) {
ti->error = "Failed to run raid array";
- mddev_unlock(&rs->md);
- goto bad;
+ goto bad_unlock;
}
r = md_start(&rs->md);
if (r) {
ti->error = "Failed to start raid array";
- mddev_unlock(&rs->md);
goto bad_md_start;
}
@@ -3265,7 +3263,6 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv)
r = r5c_journal_mode_set(&rs->md, rs->journal_dev.mode);
if (r) {
ti->error = "Failed to set raid4/5/6 journal mode";
- mddev_unlock(&rs->md);
goto bad_journal_mode_set;
}
}
@@ -3304,10 +3301,12 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv)
mddev_unlock(&rs->md);
return 0;
+bad_unlock:
bad_md_start:
bad_journal_mode_set:
bad_stripe_cache:
bad_check_reshape:
+ mddev_unlock(&rs->md);
md_stop(&rs->md);
bad:
raid_set_free(rs);
--
2.31.1
-- lvmguy
Fixes: 9dbd1aa3a81c ("dm raid: add reshaping support to the target")
Signed-off-by: Dinghao Liu <dinghao.liu@xxxxxxxxxx>
---
drivers/md/dm-raid.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c
index d9ef52159a22..79f36a806082 100644
--- a/drivers/md/dm-raid.c
+++ b/drivers/md/dm-raid.c
@@ -3276,15 +3276,19 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv)
/* Try to adjust the raid4/5/6 stripe cache size to the stripe size */
if (rs_is_raid456(rs)) {
r = rs_set_raid456_stripe_cache(rs);
- if (r)
+ if (r) {
+ mddev_unlock(&rs->md);
goto bad_stripe_cache;
+ }
}
/* Now do an early reshape check */
if (test_bit(RT_FLAG_RESHAPE_RS, &rs->runtime_flags)) {
r = rs_check_reshape(rs);
- if (r)
+ if (r) {
+ mddev_unlock(&rs->md);
goto bad_check_reshape;
+ }
/* Restore new, ctr requested layout to perform check */
rs_config_restore(rs, &rs_layout);
@@ -3293,6 +3297,7 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv)
r = rs->md.pers->check_reshape(&rs->md);
if (r) {
ti->error = "Reshape check failed";
+ mddev_unlock(&rs->md);
goto bad_check_reshape;
}
}
--
2.17.1
-- dm-devel mailing list dm-devel@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/dm-devel
