From: Milan Broz <mbroz@redhat.com>
Date: Mon, 12 Nov 2007 19:27:10 +0100
Subject: [md] dm: bd_mount_sem counter corruption
Message-id: 47389AFE.8010504@redhat.com
O-Subject: [RHEL 5.2 PATCH] dm: bd_mount_sem counter corruption
Bugzilla: 360571

RHEL5.2 device mapper: bd_mount_sem counter corruption
Resolves: rhbz#360571
Patch is upstream (in 2.6.24-rc)

This patch fixes a bd_mount_sem counter corruption bug in device-mapper.

thaw_bdev() should be called only when freeze_bdev() was called for the device.
Otherwise, thaw_bdev() will up bd_mount_sem and corrupt the semaphore counter.
struct block_device with the corrupted semaphore may remain in slab cache
and be reused later.
 upstream commit  ae9da83f6d800fe1f3b23bfbc8f7222ad1c5bb74

Kernel with fix compiled and tested.

Acked-by: Alasdair G Kergon <agk@redhat.com>
Acked-by: "Bryn M. Reeves" <breeves@redhat.com>
Acked-by: Jeff Moyer <jmoyer@redhat.com>

diff --git a/drivers/md/dm.c b/drivers/md/dm.c
index 7b6ba6f..0743bae 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -1059,12 +1059,14 @@ static struct mapped_device *alloc_dev(int minor)
 	return NULL;
 }
 
+static void unlock_fs(struct mapped_device *md);
+
 static void free_dev(struct mapped_device *md)
 {
 	int minor = md->disk->first_minor;
 
 	if (md->suspended_bdev) {
-		thaw_bdev(md->suspended_bdev, NULL);
+		unlock_fs(md);
 		bdput(md->suspended_bdev);
 	}
 	mempool_destroy(md->tio_pool);