• Philipp Reisner's avatar
    drbd: device->ldev is not guaranteed on an D_ATTACHING disk · 8fe39aac
    Philipp Reisner authored
    Some parts of the code assumed that get_ldev_if_state(device, D_ATTACHING)
    is sufficient to access the ldev member of the device object. That was
    wrong. ldev may not be there or might be freed at any time if the device
    has a disk state of D_ATTACHING.
    
    bm_rw()
      Documented that drbd_bm_read() is only called from drbd_adm_attach.
      drbd_bm_write() is only called when a reference is held, and it is
      documented that a caller has to hold a reference before calling
      drbd_bm_write()
    
    drbd_bm_write_page()
      Use get_ldev() instead of get_ldev_if_state(device, D_ATTACHING)
    
    drbd_bmio_set_n_write()
      No longer use get_ldev_if_state(device, D_ATTACHING). All callers
      hold a reference to ldev now.
    
    drbd_bmio_clear_n_write()
      All callers where holding a reference of ldev anyways. Remove the
      misleading get_ldev_if_state(device, D_ATTACHING)
    
    drbd_reconsider_max_bio_size()
      Removed the get_ldev_if_state(device, D_ATTACHING). All callers
      now pass a struct drbd_backing_dev* when they have a proper
      reference, or a NULL pointer.
      Before this fix, the receiver could trigger a NULL pointer
      deref when in drbd_reconsider_max_bio_size()
    
    drbd_bump_write_ordering()
      Used get_ldev_if_state(device, D_ATTACHING) with the wrong assumption.
      Remove it, and allow the caller to pass in a struct drbd_backing_dev*
      when the caller knows that accessing this bdev is safe.
    Signed-off-by: default avatarPhilipp Reisner <philipp.reisner@linbit.com>
    Signed-off-by: default avatarLars Ellenberg <lars.ellenberg@linbit.com>
    8fe39aac
drbd_int.h 76 KB