Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / b06075a98d595b761881fb2d7b8a557ea2f8b7ac
commitb06075a98d595b761881fb2d7b8a557ea2f8b7ac[log] [tgz]
authorMikulas Patocka <mpatocka@redhat.com>Fri Jul 10 17:21:43 2015 -0400
committerMike Snitzer <snitzer@redhat.com>Mon Jul 13 09:14:11 2015 -0400
tree0f4d62164e2204cd26af74f48bd1cb43e715aef1
parent621739b00e16ca2d80411dc9b111cb15b91f3ba9 [diff]
dm: fix use after free crash due to incorrect cleanup sequence

Linux 4.2-rc1 Commit 0f20972f7bf6 ("dm: factor out a common
cleanup_mapped_device()") moved a common cleanup code to a separate
function.  Unfortunately, that commit incorrectly changed the order of
cleanup, so that it destroys the mapped_device's srcu structure
'io_barrier' before destroying its workqueue.

The function that is executed on the workqueue (dm_wq_work) uses the srcu
structure, thus it may use it after being freed.  That results in a
crash in the LVM test suite's mirror-vgreduce-removemissing.sh test.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Fixes: 0f20972f7bf6 ("dm: factor out a common cleanup_mapped_device()")
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
1 file changed
tree: 0f4d62164e2204cd26af74f48bd1cb43e715aef1
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS