Re: [2.6.23 PATCH 07/18] dm io: fix panic on large request

From: Milan Broz
Date: Fri Jul 20 2007 - 11:08:36 EST


Chuck Ebbert wrote:

>> [ 126.754204] BUG: unable to handle kernel NULL pointer dereference at
>> virtual address 00000000
>>
...

> mempool_free() was called with a NULL pool. That can't be good.
Yes, it is really not good :)

Bug http://bugzilla.kernel.org/show_bug.cgi?id=7388
The attached patch fixes this problem; the fix is needed for the stable tree too.
This is not a regression, just a very old bug...

Milan
--
mbroz@xxxxxxxxxx

--
From: Milan Broz <mbroz@xxxxxxxxxx>

Flush workqueue before releasing bioset and mempools
in dm-crypt.
There can be a finished but not yet released request.

Call chain causing oops:
run workqueue
dec_pending
bio_endio(...);
<remove device request - remove mempool>
mempool_free(io, cc->io_pool);

This usually happens when cryptsetup creates a temporary
LUKS mapping at the beginning of crypt device activation.

When dm-core calls destructor crypt_dtr, no new requests
are possible.

Signed-off-by: Milan Broz <mbroz@xxxxxxxxxx>

---
drivers/md/dm-crypt.c | 2 ++
1 file changed, 2 insertions(+)

Index: linux-2.6.22/drivers/md/dm-crypt.c
===================================================================
--- linux-2.6.22.orig/drivers/md/dm-crypt.c 2007-07-17 21:56:36.000000000 +0200
+++ linux-2.6.22/drivers/md/dm-crypt.c 2007-07-19 11:55:13.000000000 +0200
@@ -920,6 +920,8 @@ static void crypt_dtr(struct dm_target *
{
struct crypt_config *cc = (struct crypt_config *) ti->private;

+ flush_workqueue(_kcryptd_workqueue);
+
bioset_free(cc->bs);
mempool_destroy(cc->page_pool);
mempool_destroy(cc->io_pool);
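
Review bot: the new flush_workqueue(_kcryptd_workqueue) line at the top of crypt_dtr() carries no comment saying why it must come before bioset_free() and the two mempool_destroy() calls, and that ordering is the whole fix. A one-line comment above it, for example "wait for queued work to finish its mempool_free() before the pools go away", would keep a later cleanup from moving or dropping the call and reintroducing the NULL-pool dereference in mempool_free(io, cc->io_pool) shown in the call chain. Note also that _kcryptd_workqueue is not reached through cc, so it does not look per-device: the flush would then wait on work queued for other dm-crypt mappings as well. That is acceptable in a destructor, but the changelog should say so, and it should state explicitly that correctness depends on no new work being queued for this target once crypt_dtr() has been entered.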


