From 17d5c8ca7572124c9623045f24b0c21d4aa2b47f Mon Sep 17 00:00:00 2001 From: Hannes Reinecke Date: Thu, 23 Apr 2009 10:32:59 +0200 Subject: [PATCH] block: fix intermittent dm timeout based oops Very rarely under stress testing of dm, oopses are occuring as something tampers with an old stack frame. This has been traced back to blk_abort_queue() leaving a timeout_list pointing to the stack. The reason is that sometimes blk_abort_request() won't delete the timer (if the request is marked as complete but before the timer has been removed, a small race window). Fix this by splicing back from the ususally empty list to the q->timeout_list. Signed-off-by: Hannes Reinecke Signed-off-by: Jens Axboe --- block/blk-timeout.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/block/blk-timeout.c b/block/blk-timeout.c index 8f570c4c80ee..1ec0d503cacd 100644 --- a/block/blk-timeout.c +++ b/block/blk-timeout.c @@ -230,6 +230,13 @@ void blk_abort_queue(struct request_queue *q) list_for_each_entry_safe(rq, tmp, &list, timeout_list) blk_abort_request(rq); + /* + * Occasionally, blk_abort_request() will return without + * deleting the element from the list. Make sure we add those back + * instead of leaving them on the local stack list. + */ + list_splice(&list, &q->timeout_list); + spin_unlock_irqrestore(q->queue_lock, flags); }