On Fri, Apr 03 2009, Christof Schmitt wrote: > On Tue, Mar 24, 2009 at 08:17:30AM +0100, Hannes Reinecke wrote: > > Very rarely under stress testing of dm, oopses are occuring as > > something tampers with an old stack frame. This has been traced back > > to blk_abort_queue() leaving a timeout_list pointing to the stack. > > The reason is that sometimes blk_abort_request() won't delete the > > timer (if the request is marked as complete but before the timer has > > been removed, a small race window). Fix this by splicing back from > > the ususally empty list to the q->timeout_list. > > > > Signed-off-by: Hannes Reinecke <hare@xxxxxxx> > > --- > > block/blk-timeout.c | 6 ++++++ > > 1 files changed, 6 insertions(+), 0 deletions(-) > > > > diff --git a/block/blk-timeout.c b/block/blk-timeout.c > > index bbbdc4b..6213123 100644 > > --- a/block/blk-timeout.c > > +++ b/block/blk-timeout.c > > @@ -224,6 +224,12 @@ void blk_abort_queue(struct request_queue *q) > > list_for_each_entry_safe(rq, tmp, &list, timeout_list) > > blk_abort_request(rq); > > > > + /* > > + * Occasionally, blk_abort_request() will return without > > + * deleting the element from the list > > + */ > > + list_splice(&list, &q->timeout_list); > > + > > spin_unlock_irqrestore(q->queue_lock, flags); > > > > } > > -- > > 1.5.3.2 > > I just noticed that this fix is not upstream yet and i have seen test > cases hitting this problem. > > Jens, are you going to included this patch, or should this go through > the SCSI tree? I will include it, and CC stable as well. -- Jens Axboe -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
