diff options
| author | Stefan Haberland <sth@linux.vnet.ibm.com> | 2017-05-16 10:30:13 +0200 |
|---|---|---|
| committer | Martin Schwidefsky <schwidefsky@de.ibm.com> | 2017-06-12 16:26:01 +0200 |
| commit | 2757fe1d8ebd0e6ab1dbf1105978b8c8369dcc49 (patch) | |
| tree | 581299b3b20bcea725808b7a30ed0138df0fb25d /drivers/s390/block/dasd_devmap.c | |
| parent | b487a914f853545842a0899329b6b72fe56c4081 (diff) | |
| download | linux-rt-2757fe1d8ebd0e6ab1dbf1105978b8c8369dcc49.tar.gz | |
s390/dasd: fix unusable device after safe offline processing
The safe offline processing needs, as well as the normal offline
processing, to be locked against multiple parallel executions. But it
should be able to be overtaken by a normal offline processing to make sure
that the device does not wait forever for outstanding I/O if the user
wants to.
Unfortunately the parallel processing of safe offline and normal offline
might lead to a race situation where both threads report successful
execution to the CIO layer which in turn tries to deregister the kobject
of the device twice. This leads to a
refcount_t: underflow; use-after-free.
error and the device is not able to be set online again afterwards without
a reboot.
Correct the locking of the safe offline processing by doing the following:
- Use the cdev lock to secure all set and test operations to the
device flags.
- Two safe offline processes are locked against each other using
the DASD_FLAG_SAFE_OFFLINE and DASD_FLAG_SAFE_OFFLINE_RUNNING
device flags.
The differentiation between offline triggered and offline running
is needed since the normal offline attribute is owned by CIO and
we have to pass over control in between.
- The dasd_generic_set_offline process handles the offline
processing. It is locked against parallel execution using the
DASD_FLAG_OFFLINE.
- Only a running safe offline should be able to be overtaken by a
single normal offline. This is ensured by clearing the
DASD_FLAG_SAFE_OFFLINE_RUNNING flag when a normal offline
overtakes. So this can only happen ones.
- The safe offline just aborts in this case doing nothing and
the normal offline processing finishes as usual.
Signed-off-by: Stefan Haberland <sth@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'drivers/s390/block/dasd_devmap.c')
| -rw-r--r-- | drivers/s390/block/dasd_devmap.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/drivers/s390/block/dasd_devmap.c b/drivers/s390/block/dasd_devmap.c index 0ce84f0a4d7f..e943d9c48926 100644 --- a/drivers/s390/block/dasd_devmap.c +++ b/drivers/s390/block/dasd_devmap.c @@ -950,11 +950,14 @@ dasd_safe_offline_store(struct device *dev, struct device_attribute *attr, { struct ccw_device *cdev = to_ccwdev(dev); struct dasd_device *device; + unsigned long flags; int rc; - device = dasd_device_from_cdev(cdev); + spin_lock_irqsave(get_ccwdev_lock(cdev), flags); + device = dasd_device_from_cdev_locked(cdev); if (IS_ERR(device)) { rc = PTR_ERR(device); + spin_unlock_irqrestore(get_ccwdev_lock(cdev), flags); goto out; } @@ -962,12 +965,14 @@ dasd_safe_offline_store(struct device *dev, struct device_attribute *attr, test_bit(DASD_FLAG_SAFE_OFFLINE_RUNNING, &device->flags)) { /* Already doing offline processing */ dasd_put_device(device); + spin_unlock_irqrestore(get_ccwdev_lock(cdev), flags); rc = -EBUSY; goto out; } set_bit(DASD_FLAG_SAFE_OFFLINE, &device->flags); dasd_put_device(device); + spin_unlock_irqrestore(get_ccwdev_lock(cdev), flags); rc = ccw_device_set_offline(cdev); |