md/raid5: In ops_run_io, inc nr_pending before calling md_wait_for_blocked_rdev In ops_run_io(), the call to md_wait_for_blocked_rdev will decrement nr_pending so we lose the reference we hold on the rdev. So atomic_inc it first to maintain the reference. This bug was introduced by commit 73e92e51b7969ef5477d md/raid5. Don't write to known bad block on doubtful devices. which appeared in 3.0, so patch is suitable for stable kernels since then. Cc: stable@vger.kernel.org Signed-off-by: majianpeng <majianpeng@gmail.com> Signed-off-by: NeilBrown <neilb@suse.de>

commit: 1850753d2e6d9ca7856581ca5d3cf09521e6a5d7 [log] [tgz]
author: majianpeng <majianpeng@gmail.com> Tue Jul 03 12:11:54 2012 +1000
committer: NeilBrown <neilb@suse.de> Tue Jul 03 12:11:54 2012 +1000
tree: 78b6a6f246d35b13c3a37461187be7453d0972ba
parent: 6c0544e255dd6582a9899572e120fb55d9f672a4 [diff] [blame]
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
index 9567a9c..befadb4 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c

@@ -606,6 +606,12 @@
 					 * a chance*/
 					md_check_recovery(conf->mddev);
 				}
+				/*
+				 * Because md_wait_for_blocked_rdev
+				 * will dec nr_pending, we must
+				 * increment it first.
+				 */
+				atomic_inc(&rdev->nr_pending);
 				md_wait_for_blocked_rdev(rdev, conf->mddev);
 			} else {
 				/* Acknowledged bad block - skip the write */
commit	1850753d2e6d9ca7856581ca5d3cf09521e6a5d7	[log] [tgz]
author	majianpeng <majianpeng@gmail.com>	Tue Jul 03 12:11:54 2012 +1000
committer	NeilBrown <neilb@suse.de>	Tue Jul 03 12:11:54 2012 +1000
tree	78b6a6f246d35b13c3a37461187be7453d0972ba
parent	6c0544e255dd6582a9899572e120fb55d9f672a4 [diff] [blame]