The following issue was observed. The first thread returned the last IO channel and the second thread then removed the first base device, but raid_bdev_cleanup() was called before raid_bdev_destroy_cb() was called. raid_bdev_destroy_cb() accessed the raid bdev already freed by raid_bdev_cleanup() and caused a segmentation fault.

The call sequence was as follows:

The first thread:
  spdk_put_io_channel() -> ch->destroy_cb -> raid_bdev_destroy_cb -> access raid bdev

The second thread:
  raid_bdev_remove_base_devices() -> raid_bdev_deconfigure() -> spdk_bdev_unregister() -> spdk_io_device_unregister() -> spdk_bdev_destroy_cb() -> raid_bdev_destruct() -> raid_bdev_cleanup() -> free raid bdev

The fix is to hold the number of created channels in struct raid_bdev_io_channel and use it in raid_bdev_destroy_cb().

Bdev layer, IO device/channel layer, and NVMe-oF layer already process this case correctly.

Fixes #884.

Reported-by: yidong0635 <dongx.yi@intel.com>
Change-Id: Ie9d61bdddca479ce7f491ff9a08db45e71f16a8d
Signed-off-by: yidong0635 <dongx.yi@intel.com>
Signed-off-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Reviewed-on: https://review.gerrithub.io/c/spdk/spdk/+/463249
Reviewed-by: Broadcom SPDK FC-NVMe CI <spdk-ci.pdl@broadcom.com>
Reviewed-by: Changpeng Liu <changpeng.liu@intel.com>
Reviewed-by: Seth Howell <seth.howell@intel.com>
Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>

bdev_raid_rpc.c
bdev_raid.c
bdev_raid.h
Makefile
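
The pattern the commit message describes, as an added single-threaded model that is not SPDK's code: the channel context copies the base-device count when it is created, so the destroy callback never dereferences the parent object. All `model_*` names and the `int` channel slots are hypothetical stand-ins; the plain `free()` of the parent stands in for raid_bdev_cleanup().

```c
#include <stdlib.h>

/* Hypothetical stand-in for the raid bdev that cleanup frees. */
struct model_raid_bdev {
    unsigned num_base_bdevs;
};

/* Hypothetical stand-in for the per-thread channel context. */
struct model_raid_io_channel {
    int *base_channel;      /* one slot per base device, 1 = held */
    unsigned num_channels;  /* copied from the parent at create time */
};

/* Create callback: the only place the parent is read. */
int model_create_cb(const struct model_raid_bdev *raid,
                    struct model_raid_io_channel *ch)
{
    ch->num_channels = raid->num_base_bdevs;
    ch->base_channel = calloc(ch->num_channels, sizeof(*ch->base_channel));
    if (ch->base_channel == NULL)
        return -1;
    for (unsigned i = 0; i < ch->num_channels; i++)
        ch->base_channel[i] = 1;
    return 0;
}

/* Destroy callback: uses only the channel's own copy of the count, so it
 * stays valid if the parent has already been freed. Returns slots released. */
unsigned model_destroy_cb(struct model_raid_io_channel *ch)
{
    unsigned released = 0;
    for (unsigned i = 0; i < ch->num_channels; i++)
        if (ch->base_channel[i]) { ch->base_channel[i] = 0; released++; }
    free(ch->base_channel);
    ch->base_channel = NULL;
    ch->num_channels = 0;
    return released;
}

/* Replays the ordering from the commit message: parent freed first,
 * destroy callback runs afterwards. */
unsigned model_replay_race_order(unsigned num_base)
{
    struct model_raid_bdev *raid = malloc(sizeof(*raid));
    struct model_raid_io_channel ch = {0};
    if (raid == NULL)
        return 0;
    raid->num_base_bdevs = num_base;
    if (model_create_cb(raid, &ch) != 0) { free(raid); return 0; }
    free(raid);                     /* second thread: cleanup frees the parent */
    return model_destroy_cb(&ch);   /* first thread: callback runs late */
}

int main(void) { return model_replay_race_order(4) == 4 ? 0 : 1; }
```

Building this with `-fsanitize=address` and changing the destroy callback to read the count through a saved parent pointer reproduces the class of use-after-free report the commit message describes.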