| Message ID | 20201014024514.112822-1-xiubli@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | nbd: make the config put is called before the notifying the waiter | expand |
On 10/13/20 10:45 PM, xiubli@redhat.com wrote: > From: Xiubo Li <xiubli@redhat.com> > > There has one race case for ceph's rbd-nbd tool. When do mapping > it may fail with EBUSY from ioctl(nbd, NBD_DO_IT), but actually > the nbd device has already unmaped. > > It dues to if just after the wake_up(), the recv_work() is scheduled > out and defers calling the nbd_config_put(), though the map process > has exited the "nbd->recv_task" is not cleared. > > Signed-off-by: Xiubo Li <xiubli@redhat.com> Reviewed-by: Josef Bacik <josef@toxicpanda.com> Thanks, Josef
On 10/13/20 8:45 PM, xiubli@redhat.com wrote: > From: Xiubo Li <xiubli@redhat.com> > > There has one race case for ceph's rbd-nbd tool. When do mapping > it may fail with EBUSY from ioctl(nbd, NBD_DO_IT), but actually > the nbd device has already unmaped. > > It dues to if just after the wake_up(), the recv_work() is scheduled > out and defers calling the nbd_config_put(), though the map process > has exited the "nbd->recv_task" is not cleared. Applied, thanks.
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c index edf8b632e3d2..f46e26c9d9b3 100644 --- a/drivers/block/nbd.c +++ b/drivers/block/nbd.c @@ -801,9 +801,9 @@ static void recv_work(struct work_struct *work) if (likely(!blk_should_fake_timeout(rq->q))) blk_mq_complete_request(rq); } + nbd_config_put(nbd); atomic_dec(&config->recv_threads); wake_up(&config->recv_wq); - nbd_config_put(nbd); kfree(args); }