[Devel] [PATCH RHEL7 COMMIT] ploop: push_backup: BUG() on list corruption in ploop_pb_add_req_to_tree()
Konstantin Khorenko
khorenko at virtuozzo.com
Tue May 16 05:55:21 PDT 2017
The commit is pushed to "branch-rh7-3.10.0-514.16.1.vz7.32.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-514.16.1.vz7.32.3
------>
commit 074a33731114428478323f35bb2e68de8632b0a0
Author: Maxim Patlasov <mpatlasov at virtuozzo.com>
Date: Tue May 16 16:55:20 2017 +0400
ploop: push_backup: BUG() on list corruption in ploop_pb_add_req_to_tree()
As PSBM-65786 demonstrated, the node doesn't survive list corruption:
after list corruption, pbd->reported_set.tree becomes corrupted too
having some rb_node with rb_left and rb_right pointing to the rb_node itself.
Then any search there becomes busy-loop, leading to hard lockup.
The patch crashes the node at the moment of list corruption detection.
https://jira.sw.ru/browse/PSBM-65786
Signed-off-by: Maxim Patlasov <mpatlasov at virtuozzo.com>
---
drivers/block/ploop/push_backup.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/block/ploop/push_backup.c b/drivers/block/ploop/push_backup.c
index 975d2be..0a0a69c 100644
--- a/drivers/block/ploop/push_backup.c
+++ b/drivers/block/ploop/push_backup.c
@@ -489,6 +489,13 @@ static void ploop_pb_add_req_to_tree(struct ploop_request *preq,
pbs->pbd->ppb_state == PLOOP_PB_ALIVE)
mod_timer(&pbs->timer, preq->tstamp + timeout + 1);
+ if (pbs->list.prev->next != &pbs->list) {
+ printk("list_add corruption. pbs->list.prev->next should be "
+ "&pbs->list (%p), but was %p. (pbs->list.prev=%p)."
+ " preq=%p\n",
+ &pbs->list, pbs->list.prev->next, pbs->list.prev, preq);
+ BUG();
+ }
list_add_tail(&preq->list, &pbs->list);
rb_link_node(&preq->reloc_link, parent, p);
More information about the Devel
mailing list