    md-cluster: fix wild pointer of unlock_all_bitmaps() · 60f80d6f
    Zhao Heming authored
    reproduction steps:
    ```
    node1 # mdadm -C /dev/md0 -b clustered -e 1.2 -n 2 -l mirror /dev/sda /dev/sdb
    node2 # mdadm -A /dev/md0 /dev/sda /dev/sdb
    node1 # mdadm -G /dev/md0 -b none
    mdadm: failed to remove clustered bitmap.
    node1 # mdadm -S --scan
    ^C  <==== mdadm hung & kernel crash
    ```
    
    kernel stack:
    ```
    [  335.230657] general protection fault: 0000 [#1] SMP NOPTI
    [...]
    [  335.230848] Call Trace:
    [  335.230873]  ? unlock_all_bitmaps+0x5/0x70 [md_cluster]
    [  335.230886]  unlock_all_bitmaps+0x3d/0x70 [md_cluster]
    [  335.230899]  leave+0x10f/0x190 [md_cluster]
    [  335.230932]  ? md_super_wait+0x93/0xa0 [md_mod]
    [  335.230947]  ? leave+0x5/0x190 [md_cluster]
    [  335.230973]  md_cluster_stop+0x1a/0x30 [md_mod]
    [  335.230999]  md_bitmap_free+0x142/0x150 [md_mod]
    [  335.231013]  ? _cond_resched+0x15/0x40
    [  335.231025]  ? mutex_lock+0xe/0x30
    [  335.231056]  __md_stop+0x1c/0xa0 [md_mod]
    [  335.231083]  do_md_stop+0x160/0x580 [md_mod]
    [  335.231119]  ? 0xffffffffc05fb078
    [  335.231148]  md_ioctl+0xa04/0x1930 [md_mod]
    [  335.231165]  ? filename_lookup+0xf2/0x190
    [  335.231179]  blkdev_ioctl+0x93c/0xa10
    [  335.231205]  ? _cond_resched+0x15/0x40
    [  335.231214]  ? __check_object_size+0xd4/0x1a0
    [  335.231224]  block_ioctl+0x39/0x40
    [  335.231243]  do_vfs_ioctl+0xa0/0x680
    [  335.231253]  ksys_ioctl+0x70/0x80
    [  335.231261]  __x64_sys_ioctl+0x16/0x20
    [  335.231271]  do_syscall_64+0x65/0x1f0
    [  335.231278]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
    ```
    Signed-off-by: Zhao Heming <heming.zhao@suse.com>
    Signed-off-by: Song Liu <songliubraving@fb.com>
md-cluster.c 43.9 KB