[dm-devel] [PATCH] dm: fix a crash due to incorrect cleanup sequence

[Mikulas Patocka]

The patch 0f20972f7bf6 moves a common cleanup code to a separate function.
Unfortunatelly, the patch changes the order of cleanup, so that it
destroys the srcu structure io_barrier before destroying the workqueue.

The function that is executed on the workqueue (dm_wq_work) uses the srcu
structure, thus it may use it after being freed. That results in a crash
in the LVM test mirror-vgreduce-removemissing.sh.

Signed-off-by: Mikulas Patocka <mpatocka at redhat.com>
Fixes: 0f20972f7bf6 ("dm: factor out a common cleanup_mapped_device()")

---
 drivers/md/dm.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Index: linux-4.2-rc1/drivers/md/dm.c
===================================================================
--- linux-4.2-rc1.orig/drivers/md/dm.c	2015-07-09 22:08:12.000000000 +0200
+++ linux-4.2-rc1/drivers/md/dm.c	2015-07-10 21:20:50.000000000 +0200
@@ -2367,8 +2367,6 @@ static void dm_init_old_md_queue(struct 
 
 static void cleanup_mapped_device(struct mapped_device *md)
 {
-	cleanup_srcu_struct(&md->io_barrier);
-
 	if (md->wq)
 		destroy_workqueue(md->wq);
 	if (md->kworker_task)
@@ -2380,6 +2378,8 @@ static void cleanup_mapped_device(struct
 	if (md->bs)
 		bioset_free(md->bs);
 
+	cleanup_srcu_struct(&md->io_barrier);
+
 	if (md->disk) {
 		spin_lock(&_minor_lock);
 		md->disk->private_data = NULL;