On Tue, Mar 24, 2009 at 08:17:30AM +0100, Hannes Reinecke wrote: > Very rarely under stress testing of dm, oopses are occuring as > something tampers with an old stack frame. This has been traced back > to blk_abort_queue() leaving a timeout_list pointing to the stack. > The reason is that sometimes blk_abort_request() won't delete the > timer (if the request is marked as complete but before the timer has > been removed, a small race window). Fix this by splicing back from > the ususally empty list to the q->timeout_list. > > Signed-off-by: Hannes Reinecke <hare@xxxxxxx> > --- > block/blk-timeout.c | 6 ++++++ > 1 files changed, 6 insertions(+), 0 deletions(-) > > diff --git a/block/blk-timeout.c b/block/blk-timeout.c > index bbbdc4b..6213123 100644 > --- a/block/blk-timeout.c > +++ b/block/blk-timeout.c > @@ -224,6 +224,12 @@ void blk_abort_queue(struct request_queue *q) > list_for_each_entry_safe(rq, tmp, &list, timeout_list) > blk_abort_request(rq); > > + /* > + * Occasionally, blk_abort_request() will return without > + * deleting the element from the list > + */ > + list_splice(&list, &q->timeout_list); > + > spin_unlock_irqrestore(q->queue_lock, flags); > > } > -- > 1.5.3.2 I just noticed that this fix is not upstream yet and i have seen test cases hitting this problem. Jens, are you going to included this patch, or should this go through the SCSI tree? -- Christof Schmitt -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
