bio refcount problem

[Philip R Auld]

Hi,
	I think there are some potential issues with the reference
counting of bios as used in 2.6.10. The __make_request function 
which is the default block device routine accesses the bio structure 
after issuing the call to add_request. This means that the bio could 
have completed before __make_request uses it. 

The submit_bh path takes an extra reference with an explicit
bio_get/put pair around the submit_bio, but many other users of
submit_bio do not. Given that most of the end_io routines remove a
reference and hence could free the bio this can lead at the least to 
__make_request mis-reading the sync flag. In more extreme cases it can 
cause an oops when run with CONFIG_DEBUG_PAGEALLOC.

The question is what is the preferred fix? I think it may be to simply
have submit_bio take its own reference (and remove the extra one from 
submit_bh).

Alternatively __make_request could be adjusted so that it does not
access the bio after calling add_request. All it is doing is checking
the bi_rw field for the sync bit.

Or make all users of submit_bio take and release and extra reference
like submit_bh.

Thoughts?


Cheers,

Phil


-- 
Philip R. Auld, Ph.D.  	        	       Egenera, Inc.    
Software Architect                            165 Forest St.
(508) 858-2628                            Marlboro, MA 01752
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/