md: don't call bitmap_create() while array is quiesced.

commit 52a0d49de3d592a3118e13f35985e3d99eaf43df upstream.

bitmap_create() allocates memory with GFP_KERNEL and
so can wait for IO.
If called while the array is quiesced, it could wait indefinitely
for write out to the array - deadlock.
So call bitmap_create() before quiescing the array.

Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Shaohua Li <shli@fb.com>
Signed-off-by: Jack Wang <jinpu.wang@profitbricks.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/md/md.c b/drivers/md/md.c
index 757f12d..ac27fe2 100644 (file)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -6645,22 +6645,26 @@ static int set_bitmap_file(struct mddev *mddev, int fd)
                return -ENOENT; /* cannot remove what isn't there */
        err = 0;
        if (mddev->pers) {
-               mddev->pers->quiesce(mddev, 1);
                if (fd >= 0) {
                        struct bitmap *bitmap;
 
                        bitmap = bitmap_create(mddev, -1);
+                       mddev->pers->quiesce(mddev, 1);
                        if (!IS_ERR(bitmap)) {
                                mddev->bitmap = bitmap;
                                err = bitmap_load(mddev);
                        } else
                                err = PTR_ERR(bitmap);
-               }
-               if (fd < 0 || err) {
+                       if (err) {
+                               bitmap_destroy(mddev);
+                               fd = -1;
+                       }
+                       mddev->pers->quiesce(mddev, 0);
+               } else if (fd < 0) {
+                       mddev->pers->quiesce(mddev, 1);
                        bitmap_destroy(mddev);
-                       fd = -1; /* make sure to put the file */
+                       mddev->pers->quiesce(mddev, 0);
                }
-               mddev->pers->quiesce(mddev, 0);
        }
        if (fd < 0) {
                struct file *f = mddev->bitmap_info.file;
@@ -6944,8 +6948,8 @@ static int update_array_info(struct mddev *mddev, mdu_array_info_t *info)
                                mddev->bitmap_info.default_offset;
                        mddev->bitmap_info.space =
                                mddev->bitmap_info.default_space;
-                       mddev->pers->quiesce(mddev, 1);
                        bitmap = bitmap_create(mddev, -1);
+                       mddev->pers->quiesce(mddev, 1);
                        if (!IS_ERR(bitmap)) {
                                mddev->bitmap = bitmap;
                                rv = bitmap_load(mddev);