From: Greg KH <gregkh@suse.de>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Ingo Molnar <mingo@elte.hu>,
Cornelia Huck <cornelia.huck@de.ibm.com>,
Vegard Nossum <vegard.nossum@gmail.com>,
Adrian Bunk <bunk@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Jens Axboe <jens.axboe@oracle.com>,
"Rafael J. Wysocki" <rjw@sisk.pl>,
Kay Sievers <kay.sievers@vrfy.org>, Neil Brown <neilb@suse.de>,
Mariusz Kozlowski <m.kozlowski@tuxland.pl>,
Dave Young <hidave.darkstar@gmail.com>
Subject: Re: [bug, 2.6.26-rc4/rc5] sporadic bootup crashes in blk_lookup_devt()/prepare_namespace()
Date: Mon, 9 Jun 2008 20:09:59 -0700 [thread overview]
Message-ID: <20080610030959.GD6796@suse.de> (raw)
In-Reply-To: <alpine.LFD.1.10.0806090858310.3473@woody.linux-foundation.org>
On Mon, Jun 09, 2008 at 09:15:40AM -0700, Linus Torvalds wrote:
>
>
> On Mon, 9 Jun 2008, Ingo Molnar wrote:
> >
> > ah. I suspect that explains the sporadic nature as well: normally there
> > is 'some' object at the list address, just with an invalid type.
>
> Yes. It could cause two kinds of problems:
>
> - it might end up returning the wrong 'dev_t'. This is unlikely, since we
> only have two cases: the working whole-disk case, and the case where we
> find a partition.
>
> But if we find a partition, we'd still get the right dev_t *most* of
> the time, because we'd first get called with "part=0", and then we have
>
> if (part < disk->minors)
> devt = MKDEV(MAJOR(dev->devt),
> MINOR(dev->devt) + part);
> break;
>
> where we would only fail if that conditional statement would be untrue
> (and then we'd incorrectly return MKDEV(0,0)). Otherwise, 'devt' ends
> up being correct anyway.
>
> So one effect of this bug would be that it would use the random
> "disk->minors" value to either return the right devt, or return one
> that is all zeroes. But if we return the all-zeroes case, then
> init/do_mounts.c will just try again, this time with the numbers
> removed, and now it wouldn't hit the "strcmp()" on any partition, and
> the next time around it would find a disk and work again.
>
> So this is a bug, but it's one that essentially is hidden by the
> caller.
>
> - The other alternative is that the bogus "disk->minors" thing would
> cause a page fault. This would only happen if the partition allocation
> was the first thing in a page, and the previous page was unused, and
> you had DEBUG_PAGEALLOC enabled.
>
> This is obviously the case you saw.
>
> My trivial fix makes it ignore partitions entirely.
>
> We *could* (and perhaps should) do something slightly more involved
> instead, which actually uses a partition if it's there). Like this. That
> would avoid my one nagging worry (that some clever usage makes partitions
> with a different numbering or without a base block device).
>
> And this is all still ignoring the locking issue, of course. It would be
> trivial to just remove the block_class_lock, and change
>
> mutex_[un]lock(&block_class_lock);
>
> into
>
> down|up(&block_class.sem);
The locking for struct class has turned into a mutex in the -next tree
already, but I have left the block_class_lock alone for the moment.
Now that I have also cleaned up the places in the /proc files where we
grabbed it, I think it might be safe to remove, I'll poke at that
tomorrow.
thanks,
greg k-h
next prev parent reply other threads:[~2008-06-10 3:13 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-06-09 8:03 [bug, 2.6.26-rc4/rc5] sporadic bootup crashes in blk_lookup_devt()/prepare_namespace() Ingo Molnar
2008-06-09 9:06 ` Andrew Morton
2008-06-09 9:09 ` Vegard Nossum
2008-06-09 9:34 ` Ingo Molnar
2008-06-09 10:35 ` Vegard Nossum
2008-06-09 13:34 ` Adrian Bunk
2008-06-09 13:58 ` Vegard Nossum
2008-06-09 14:28 ` Vegard Nossum
2008-06-09 14:57 ` Cornelia Huck
2008-06-09 15:09 ` Vegard Nossum
2008-06-09 15:29 ` Linus Torvalds
2008-06-09 15:38 ` Ingo Molnar
2008-06-09 16:15 ` Linus Torvalds
2008-06-09 17:15 ` Cornelia Huck
2008-06-09 18:03 ` Cornelia Huck
2008-06-10 3:11 ` Greg KH
2008-06-10 7:51 ` Cornelia Huck
2008-06-10 21:52 ` Greg KH
2008-06-10 3:09 ` Greg KH [this message]
2008-06-09 15:46 ` Kay Sievers
2008-06-09 15:58 ` Linus Torvalds
2008-06-10 3:07 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080610030959.GD6796@suse.de \
--to=gregkh@suse.de \
--cc=akpm@linux-foundation.org \
--cc=bunk@kernel.org \
--cc=cornelia.huck@de.ibm.com \
--cc=hidave.darkstar@gmail.com \
--cc=jens.axboe@oracle.com \
--cc=kay.sievers@vrfy.org \
--cc=linux-kernel@vger.kernel.org \
--cc=m.kozlowski@tuxland.pl \
--cc=mingo@elte.hu \
--cc=neilb@suse.de \
--cc=rjw@sisk.pl \
--cc=torvalds@linux-foundation.org \
--cc=vegard.nossum@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.