aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul Clements <paul.clements@steeleye.com>2012-09-17 17:09:02 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2012-09-17 18:00:37 -0400
commitfded4e090c60100d709318896c79816d68d5b47d (patch)
tree889cd9547a487296b5354b1956e174b4750a2737
parente9b7d7c81d9bdb41a897a2983ae3386a5fd4a1e3 (diff)
nbd: clear waiting_queue on shutdown
Fix a serious but uncommon bug in nbd which occurs when there is heavy I/O going to the nbd device while, at the same time, a failure (server, network) or manual disconnect of the nbd connection occurs. There is a small window between the time that the nbd_thread is stopped and the socket is shutdown where requests can continue to be queued to nbd's internal waiting_queue. When this happens, those requests are never completed or freed. The fix is to clear the waiting_queue on shutdown of the nbd device, in the same way that the nbd request queue (queue_head) is already being cleared. Signed-off-by: Paul Clements <paul.clements@steeleye.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--drivers/block/nbd.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index d07c9f7fded6..0c03411c59eb 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -449,6 +449,14 @@ static void nbd_clear_que(struct nbd_device *nbd)
449 req->errors++; 449 req->errors++;
450 nbd_end_request(req); 450 nbd_end_request(req);
451 } 451 }
452
453 while (!list_empty(&nbd->waiting_queue)) {
454 req = list_entry(nbd->waiting_queue.next, struct request,
455 queuelist);
456 list_del_init(&req->queuelist);
457 req->errors++;
458 nbd_end_request(req);
459 }
452} 460}
453 461
454 462
@@ -598,6 +606,7 @@ static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *nbd,
598 nbd->file = NULL; 606 nbd->file = NULL;
599 nbd_clear_que(nbd); 607 nbd_clear_que(nbd);
600 BUG_ON(!list_empty(&nbd->queue_head)); 608 BUG_ON(!list_empty(&nbd->queue_head));
609 BUG_ON(!list_empty(&nbd->waiting_queue));
601 if (file) 610 if (file)
602 fput(file); 611 fput(file);
603 return 0; 612 return 0;