mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-17 02:36:21 +00:00
scsi: target: tcmu: Avoid holding XArray lock when calling lock_page
In tcmu_blocks_release(), lock_page() is called to prevent a race causing possible data corruption. Since lock_page() might sleep, calling it while holding XArray lock is a bug. To fix this, replace the xas_for_each() call with xa_for_each_range(). Since the latter does its own handling of XArray locking, the xas_lock() and xas_unlock() calls around the original loop are no longer necessary. The switch to xa_for_each_range() slows down the loop slightly. This is acceptable since tcmu_blocks_release() is not relevant for performance. Link: https://lore.kernel.org/r/20220517192913.21405-1-bostroesser@gmail.com Fixes: bb9b9eb0ae2e ("scsi: target: tcmu: Fix possible data corruption") Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Bodo Stroesser <bostroesser@gmail.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This commit is contained in:
parent
d627660c22
commit
325d5c5fb2
@ -1661,13 +1661,14 @@ static int tcmu_check_and_free_pending_cmd(struct tcmu_cmd *cmd)
|
||||
static u32 tcmu_blocks_release(struct tcmu_dev *udev, unsigned long first,
|
||||
unsigned long last)
|
||||
{
|
||||
XA_STATE(xas, &udev->data_pages, first * udev->data_pages_per_blk);
|
||||
struct page *page;
|
||||
unsigned long dpi;
|
||||
u32 pages_freed = 0;
|
||||
|
||||
xas_lock(&xas);
|
||||
xas_for_each(&xas, page, (last + 1) * udev->data_pages_per_blk - 1) {
|
||||
xas_store(&xas, NULL);
|
||||
first = first * udev->data_pages_per_blk;
|
||||
last = (last + 1) * udev->data_pages_per_blk - 1;
|
||||
xa_for_each_range(&udev->data_pages, dpi, page, first, last) {
|
||||
xa_erase(&udev->data_pages, dpi);
|
||||
/*
|
||||
* While reaching here there may be page faults occurring on
|
||||
* the to-be-released pages. A race condition may occur if
|
||||
@ -1691,7 +1692,6 @@ static u32 tcmu_blocks_release(struct tcmu_dev *udev, unsigned long first,
|
||||
__free_page(page);
|
||||
pages_freed++;
|
||||
}
|
||||
xas_unlock(&xas);
|
||||
|
||||
atomic_sub(pages_freed, &global_page_count);
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user