On Fri, Sep 3, 2021 at 10:02 AM Dinghao Liu wrote: > mddev_unlock() is called on all paths after we call mddev_lock_nointr(), > except for three error handling paths, which may cause a deadlock. This > bug is suggested by a static analysis tool, please advise. > Hi, correct, those unlock calls are missing. As we are bailing out after md_run() with lock held, we can clean the lot of error paths underneath up by jumping to before md_stop() and add the mddev_unlock upfront it like: >From 5c72f1d07195127f5fd49bccbe0705854463c199 Mon Sep 17 00:00:00 2001 Message-Id: < 5c72f1d07195127f5fd49bccbe0705854463c199.1630675612.git.heinzm@redhat.com> From: Heinz Mauelshagen Date: Fri, 3 Sep 2021 15:26:50 +0200 Subject: [PATCH] dm raid: fix mddev unlocking in raid_ctr() error paths Signed-off-by: Heinz Mauelshagen --- drivers/md/dm-raid.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c index d9ef52159a22..741bab00e922 100644 --- a/drivers/md/dm-raid.c +++ b/drivers/md/dm-raid.c @@ -3249,14 +3249,12 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv) rs->md.in_sync = 0; /* Assume already marked dirty */ if (r) { ti->error = "Failed to run raid array"; - mddev_unlock(&rs->md); - goto bad; + goto bad_unlock; } r = md_start(&rs->md); if (r) { ti->error = "Failed to start raid array"; - mddev_unlock(&rs->md); goto bad_md_start; } @@ -3265,7 +3263,6 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv) r = r5c_journal_mode_set(&rs->md, rs->journal_dev.mode); if (r) { ti->error = "Failed to set raid4/5/6 journal mode"; - mddev_unlock(&rs->md); goto bad_journal_mode_set; } } @@ -3304,10 +3301,12 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv) mddev_unlock(&rs->md); return 0; +bad_unlock: bad_md_start: bad_journal_mode_set: bad_stripe_cache: bad_check_reshape: + mddev_unlock(&rs->md); md_stop(&rs->md); bad: raid_set_free(rs); -- 2.31.1 -- lvmguy > > Fixes: 9dbd1aa3a81c ("dm raid: add reshaping support to the target") > Signed-off-by: Dinghao Liu > --- > drivers/md/dm-raid.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c > index d9ef52159a22..79f36a806082 100644 > --- a/drivers/md/dm-raid.c > +++ b/drivers/md/dm-raid.c > @@ -3276,15 +3276,19 @@ static int raid_ctr(struct dm_target *ti, unsigned > int argc, char **argv) > /* Try to adjust the raid4/5/6 stripe cache size to the stripe > size */ > if (rs_is_raid456(rs)) { > r = rs_set_raid456_stripe_cache(rs); > - if (r) > + if (r) { > + mddev_unlock(&rs->md); > goto bad_stripe_cache; > + } > } > > /* Now do an early reshape check */ > if (test_bit(RT_FLAG_RESHAPE_RS, &rs->runtime_flags)) { > r = rs_check_reshape(rs); > - if (r) > + if (r) { > + mddev_unlock(&rs->md); > goto bad_check_reshape; > + } > > /* Restore new, ctr requested layout to perform check */ > rs_config_restore(rs, &rs_layout); > @@ -3293,6 +3297,7 @@ static int raid_ctr(struct dm_target *ti, unsigned > int argc, char **argv) > r = rs->md.pers->check_reshape(&rs->md); > if (r) { > ti->error = "Reshape check failed"; > + mddev_unlock(&rs->md); > goto bad_check_reshape; > } > } > -- > 2.17.1 > >