On Wed, 7 Mar 2018, Greg Kroah-Hartman wrote:
> On Tue, Mar 06, 2018 at 08:27:42AM -0500, Mikulas Patocka wrote:
> > Hi
> >
> > This is backport of the upstream commit that fixes memory corruption in
> > dm-io. It is suitable for stable kernels 3.18 to 4.7. (the bug didn't
> > exist before 3.18)
>
> This does not apply to the 4.4.y kernel tree :(
I errorneously sent the patch for 4.9 twice.
This is the patch for 3.18, 4.1 and 4.4.
Mikulas
> Also, when providing backports, please sign off on the patch as you have
> modified it.
>
> thanks,
>
> greg k-h
commit feb7695fe9fb83084aa29de0094774f4c9d4c9fc
Author: Mike Snitzer <snitzer@xxxxxxxxxx>
Date: Tue Jun 20 19:14:30 2017 -0400
dm io: fix duplicate bio completion due to missing ref count
If only a subset of the devices associated with multiple regions support
a given special operation (eg. DISCARD) then the dec_count() that is
used to set error for the region must increment the io->count.
Otherwise, when the dec_count() is called it can cause the dm-io
caller's bio to be completed multiple times. As was reported against
the dm-mirror target that had mirror legs with a mix of discard
capabilities.
Bug: https://bugzilla.kernel.org/show_bug.cgi?id=196077
Reported-by: Zhang Yi <yizhan@xxxxxxxxxx>
Signed-off-by: Mike Snitzer <snitzer@xxxxxxxxxx>
Signed-off-by: Mikulas Patocka <mpatocka@xxxxxxxxxx>
---
drivers/md/dm-io.c | 1 +
1 file changed, 1 insertion(+)
Index: linux-stable/drivers/md/dm-io.c
===================================================================
--- linux-stable.orig/drivers/md/dm-io.c 2018-03-06 14:16:18.000000000 +0100
+++ linux-stable/drivers/md/dm-io.c 2018-03-06 14:16:34.000000000 +0100
@@ -300,6 +300,7 @@ static void do_region(int rw, unsigned r
else if (rw & REQ_WRITE_SAME)
special_cmd_max_sectors = q->limits.max_write_same_sectors;
if ((rw & (REQ_DISCARD | REQ_WRITE_SAME)) && special_cmd_max_sectors == 0) {
+ atomic_inc(&io->count);
dec_count(io, region, -EOPNOTSUPP);
return;
}