diff options
| author | Yu Kuai <[email protected]> | 2023-05-23 02:10:13 +0000 |
|---|---|---|
| committer | Song Liu <[email protected]> | 2023-06-13 22:25:11 +0000 |
| commit | e5e9b9cb71a09d86d5e8d147e6a6457e1f8887b5 (patch) | |
| tree | 45f389582148284e7dd38170c0a68cafc5abd703 /drivers/md/dm-raid.c | |
| parent | md: fix duplicate filename for rdev (diff) | |
| download | kernel-e5e9b9cb71a09d86d5e8d147e6a6457e1f8887b5.tar.gz kernel-e5e9b9cb71a09d86d5e8d147e6a6457e1f8887b5.zip | |
md: factor out a helper to wake up md_thread directly
md_wakeup_thread() can't wakeup md_thread->tsk if md_thread->run is
still in progress, and in some cases md_thread->tsk need to be woke up
directly, like md_set_readonly() and do_md_stop().
Commit 9dfbdafda3b3 ("md: unlock mddev before reap sync_thread in
action_store") introduce a new scenario where unregister sync_thread is
not protected by 'reconfig_mutex', this can cause null-ptr-deference in
theroy:
t1: md_set_readonly t2: action_store
md_unregister_thread
// 'reconfig_mutex' is not held
// 'reconfig_mutex' is held by caller
if (mddev->sync_thread)
thread = *threadp
*threadp = NULL
wake_up_process(mddev->sync_thread->tsk)
// null-ptr-deference
Fix this problem by factoring out a helper to wake up md_thread directly,
so that 'sync_thread' won't be accessed multiple times from the reader
side. This helper also prepare to protect md_thread with rcu.
Noted that later patches is going to fix that unregister sync_thread is
not protected by 'reconfig_mutex' from action_store().
Signed-off-by: Yu Kuai <[email protected]>
Signed-off-by: Song Liu <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Diffstat (limited to 'drivers/md/dm-raid.c')
0 files changed, 0 insertions, 0 deletions