077ae9152d
The following issue was observed.
The first thread returned the last IO channel and the second thread
then removed the first base device, but raid_bdev_cleanup() was
called before raid_bdev_destroy_cb() was called.
raid_bdev_destroy_cb() was accessed to the raid bdev already freed
by raid_bdev_cleanup() and caused segmentation fault.
The call sequence was as follows:
The first thread:
spdk_put_io_channel() -> ch->destroy_cb -> raid_bdev_destroy_cb
-> access raid bdev
The second thread:
raid_bdev_remove_base_devices() -> raid_bdev_deconfigure() ->
spdk_bdev_unregister() -> spdk_io_device_unregister() ->
spdk_bdev_destroy_cb() -> raid_bdev_destruct() -> raid_bdev_cleanup()
-> free raid bdev
The fix is to hold number of created channels in struct
raid_bdev_io_channel and use it in raid_bdev_destroy_cb().
Bdev layer, IO device/channel layer, and NVMe-oF layer already
process this case correctly.
Fixes #884.
Reported-by: yidong0635 <dongx.yi@intel.com>
Signed-off-by: yidong0635 <dongx.yi@intel.com>
Signed-off-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Reviewed-on: https://review.gerrithub.io/c/spdk/spdk/+/463249 (master)
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| bdev | ||
| blob | ||
| copy | ||
| event | ||
| sock | ||
| Makefile | ||