Bug#1006645: aoe: removing aoe devices with flush (implicit in rmmod aoe) leads to page fault
Package: linux-image-amd64
Version: 5.10.92
Source: linux
Dear Maintainers,
while trying to fix #986837 we found another issue in the aoe driver:
Removal of an active aoe device leads to a page fault and inhibits the
removal of the aoe module.
The issue affects all kernels from v4.20-rc1 up to v5.14-rc1, including
5.10, currently in Debian bullseye.
The code in freedev() calls blk_mq_free_tag_set() before running
blk_cleanup_queue() which leads to this issue (drivers/block/aoedev.c
L281ff).
The attached patch for affected kernel versions just changes the order
of function calls to match the one introduced with blk_cleanup_disk() to
mitigate this issue.
See also https://bugzilla.kernel.org/show_bug.cgi?id=215647
Cheers,
Valentin
Index: linux-5.10.92/drivers/block/aoe/aoedev.c
===================================================================
--- linux-5.10.92.orig/drivers/block/aoe/aoedev.c
+++ linux-5.10.92/drivers/block/aoe/aoedev.c
@@ -277,9 +277,9 @@ freedev(struct aoedev *d)
if (d->gd) {
aoedisk_rm_debugfs(d);
del_gendisk(d->gd);
+ blk_cleanup_queue(d->blkq);
put_disk(d->gd);
blk_mq_free_tag_set(&d->tag_set);
- blk_cleanup_queue(d->blkq);
}
t = d->targets;
e = t + d->ntargets;
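Review bot: The ordering constraint in the if (d->gd) block of freedev() is not documented in the code: nothing says that blk_cleanup_queue(d->blkq) has to run before blk_mq_free_tag_set(&d->tag_set), so a later cleanup could swap the calls back. A one-line comment above the moved call, stating that the queue must be cleaned up while the tag set still exists, would keep the fix from regressing. The call now also precedes put_disk(d->gd), which the report explains as matching the order used by blk_cleanup_disk(); the patch itself carries no description, so that rationale and a reference to the bug report should go into its header.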