From: Alban Crequy <alban.crequy@seanodes.com>
To: Al Viro <viro@ftp.linux.org.uk>
Cc: jens.axboe@oracle.com, linux-kernel@vger.kernel.org
Subject: Re: [RFC] error management in add_disk()
Date: Wed, 25 Jul 2007 17:29:56 +0200
Message-ID: <20070725172956.2fa5b63e@alban>
In-Reply-To: <20070724132805.GR21668@ftp.linux.org.uk>

On Tue, 24 Jul 2007 14:28:05 +0100,
Al Viro <viro@ftp.linux.org.uk> wrote:

>On Tue, Jul 24, 2007 at 01:57:53PM +0200, Alban Crequy wrote:
>> Hi,
>> 
>> I have a problem with the error management of add_disk() and
>> del_gendisk().
>> 
>> add_disk() adds an entry in /sys/block/<name>. The filename
>> in /sys/block is not (struct gen_disk)->disk_name but more or less
>> the first KOBJ_NAME_LEN characters of (struct gen_disk)->disk_name.
>> 
>> #define KOBJ_NAME_LEN                   20
>> 
>> My problem occurs when we try to add 2 disks with different names,
>> but when the KOBJ_NAME_LEN first characters are the same.
>
>So don't do that.

I no longer do that. But I still think it would be better if we found a
way to manage errors in that case.

I fear that parts of the kernel make this error. For example, an old
version of GFS has this code:

http://csourcesearch.net/package/gfs-kernel/2.6.9/gfs-kernel-2.6.9-27/src/gfs/diaper.c
  char buf[BDEVNAME_SIZE];
  bdevname(real, buf);
  snprintf(gd->disk_name, sizeof(gd->disk_name), "diapered_%s", buf);

Since BDEVNAME_SIZE is 32 and KOBJ_NAME_LEN is 20, the bug happens quite
easily.

I did not check closely if this is a problem, but there are other parts
in the current kernel that build the disk_name with snprintf("...%s...").

>> The attached test module triggers the problem. You can try something
>> like: for i in $(seq 1 100) ; do insmod ./adddiskbug.ko ; rmmod
>> adddiskbug ; done
>> 
>> The attached patch fixes the problem by changing the prototype of
>> add_disk() and register_disk() to return errors.
> 
>This is bogus.  Just what would callers do with these error values?
>Ignore them silently?  Bail out?  Can't do - at that point disk just
>might have been opened already.  add_disk() is the point of no return;
>we are already past the last point where we could bail out.

I missed that point - that the disk might have been opened.  Where is
the point of no return in add_disk() exactly?  Is it really before the
kobject_add() that causes the problem?

In this case, perhaps we can 1/ check that the kobject_add() will not
fail before the point of no return, 2/ pass this point and then 3/ do
the kobject_add(). And add appropriate locking to ensure that nobody
adds another disk with the same 20-character truncated name between 1/
and 3/.
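
The name collision discussed in this message, modelled in user space as an added example (not code from the thread or from the kernel). It assumes the sysfs name is disk_name copied into a KOBJ_NAME_LEN buffer (19 characters plus NUL); model_add_disk(), name_in_use(), the registry and the device names are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define KOBJ_NAME_LEN 20  /* value quoted in the message */
#define DISK_NAME_LEN 32  /* assumption: size of the disk_name buffer */
#define MAX_DISKS     8   /* hypothetical registry size for this model */

/* Assumption: sysfs keeps at most KOBJ_NAME_LEN - 1 characters of disk_name. */
static void sysfs_name(const char *disk_name, char out[KOBJ_NAME_LEN])
{
    snprintf(out, KOBJ_NAME_LEN, "%s", disk_name);
}

static char registry[MAX_DISKS][KOBJ_NAME_LEN];
static int nr_disks;

/* Step 1/ of the proposal: would the truncated name clash with a known disk? */
static int name_in_use(const char *disk_name)
{
    char key[KOBJ_NAME_LEN];

    sysfs_name(disk_name, key);
    for (int i = 0; i < nr_disks; i++)
        if (strcmp(registry[i], key) == 0)
            return 1;
    return 0;
}

/* Check, then register. Single-threaded model: in a kernel the check and
 * the registration would have to sit under one lock, as the message notes. */
static int model_add_disk(const char *disk_name)
{
    if (strlen(disk_name) >= DISK_NAME_LEN)
        return -ENAMETOOLONG;
    if (name_in_use(disk_name))
        return -EEXIST;
    if (nr_disks == MAX_DISKS)
        return -ENOSPC;
    sysfs_name(disk_name, registry[nr_disks++]);
    return 0;
}

int main(void)
{
    /* Constructed names following the "diapered_%s" pattern quoted above. */
    printf("%d\n", model_add_disk("diapered_cciss/c0d0p1"));
    printf("%d\n", model_add_disk("diapered_cciss/c0d0p2"));
    printf("%d\n", model_add_disk("diapered_sda1"));
    return 0;
}
```

The two cciss names differ only in their last character, which falls beyond the 19 characters kept, so the second registration is refused before anything irreversible happens.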

