Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

dm verity: skip verity work if I/O error when system is shutting down

If emergency system shutdown is called, like by thermal shutdown,
a dm device could be alive when the block device couldn't process
I/O requests anymore. In this state, the handling of I/O errors
by new dm I/O requests or by those already in-flight can lead to
a verity corruption state, which is a misjudgment.

So, skip verity work in response to I/O error when system is shutting
down.

Signed-off-by: Hyeongseok Kim <hyeongseok@gmail.com>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>

Authored by Hyeongseok Kim and committed by Mike Snitzer
252bd125 a2b8b2d9

+11 -1
drivers/md/dm-verity-target.c
··· 538 538 } 539 539 540 540 /* 541 + * Skip verity work in response to I/O error when system is shutting down. 542 + */ 543 + static inline bool verity_is_system_shutting_down(void) 544 + { 545 + return system_state == SYSTEM_HALT || system_state == SYSTEM_POWER_OFF 546 + || system_state == SYSTEM_RESTART; 547 + } 548 + 549 + /* 541 550 * End one "io" structure with a given error. 542 551 */ 543 552 static void verity_finish_io(struct dm_verity_io *io, blk_status_t status) ··· 573 564 { 574 565 struct dm_verity_io *io = bio->bi_private; 575 566 576 - if (bio->bi_status && !verity_fec_is_enabled(io->v)) { 567 + if (bio->bi_status && 568 + (!verity_fec_is_enabled(io->v) || verity_is_system_shutting_down())) { 577 569 verity_finish_io(io, bio->bi_status); 578 570 return; 579 571 }
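Review bot: In the first hunk, the comment above verity_is_system_shutting_down() states the caller's policy ("Skip verity work in response to I/O error when system is shutting down") rather than what the helper returns. Suggest rewording it to say the helper returns true when system_state is SYSTEM_HALT, SYSTEM_POWER_OFF or SYSTEM_RESTART, and putting the policy explanation at the call site. Minor style point: the continuation line begins with `||`, while kernel style usually leaves the operator at the end of the preceding line.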
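Review bot: In the verity_end_io hunk, the new condition sends a failed bio straight to verity_finish_io() even when verity_fec_is_enabled(io->v) is true, and nothing at the call site explains why error correction is bypassed during shutdown; a one-line comment above the `if` would make that intent clear. The check is gated on bio->bi_status, so bios that complete without error are unaffected and the original status is still passed through, which looks right. It is evaluated only once, at bio completion, so it is worth confirming that no later error-handling path for a bio that completed just before system_state changed can still reach the corruption handling the commit message wants to avoid.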