From: Al Viro <viro@ZenIV.linux.org.uk>
To: Kay Sievers <kay.sievers@vrfy.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
gregkh@suse.de, petero2@telia.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] fix pktcdvd breakage from commit e105b8bfc769b0545b6f0f395179d1e43cbee822
Date: Sun, 30 Nov 2008 15:53:36 +0000 [thread overview]
Message-ID: <20081130155336.GE28946@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20081130145221.GD28946@ZenIV.linux.org.uk>
On Sun, Nov 30, 2008 at 02:52:21PM +0000, Al Viro wrote:
> On Sun, Nov 30, 2008 at 03:28:15PM +0100, Kay Sievers wrote:
> > > So we need to preserve the layout, with the easiest way probably being "add
> > > one more ktype and use kobject_init_and_add() instead of that device_create()".
> > > Sigh...
> >
> > What do you mean? We just need to replace the bogus "pd->pkt_dev" with
> > MKDEV(0, 0) and we are fine.
>
> Userland-visible change - right now cat /sys/class/pktcdvd/pktcdvd3/dev will
> give you dev_t of the block device in question.
Looking at the locking scheme there, it appears that we have an unpleasant
race of the same kind as discussed in md-with-eviction thread. If removal
hits between finding (and grabbing) gendisk and actual call of ->open(),
it will succeed just fine and we might get an open for _different_ object,
while holding a reference to disk that had already gone through del_gendisk().
Call ioctl() on that sucker and you've got
struct pktcdvd_device *pd = bdev->bd_disk->private_data;
which will point to already freed object.
It really appears that we need to
* add ->use() and ->unuse() callbacks
* have exact_lock() call ->use() in addition to get_disk() - either
on each hit, or on the "it's currently not in use" ones.
* have ->unuse() called on failure exits in __blkdev_get() and in
blkdev_put(), with rules matching those for calls of ->use().
That would allow to close that kind of races, both here and in md. I'd
probably prefer the second variant for calling rules - we would be able
to bracket the "it's associated with underlying objects" intervals by
those calls... Hell knows; I really need to get some sleep and look through
the ->open() and ->release() instances for block devices. Later...
next prev parent reply other threads:[~2008-11-30 15:53 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-30 12:19 [PATCH] fix pktcdvd breakage from commit e105b8bfc769b0545b6f0f395179d1e43cbee822 Al Viro
2008-11-30 12:41 ` Kay Sievers
2008-11-30 13:21 ` Al Viro
2008-11-30 13:25 ` Kay Sievers
2008-11-30 13:32 ` Al Viro
2008-11-30 13:40 ` Al Viro
2008-11-30 13:44 ` Kay Sievers
2008-11-30 13:50 ` Al Viro
2008-11-30 13:57 ` Kay Sievers
2008-11-30 14:13 ` Al Viro
2008-11-30 14:28 ` Kay Sievers
2008-11-30 14:52 ` Al Viro
2008-11-30 15:53 ` Al Viro [this message]
2008-11-30 15:56 ` Kay Sievers
2008-12-05 2:57 ` Kay Sievers
2008-12-06 3:38 ` Kay Sievers
2008-12-09 21:57 ` Peter Osterlund
2008-11-30 13:41 ` Kay Sievers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081130155336.GE28946@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=gregkh@suse.de \
--cc=kay.sievers@vrfy.org \
--cc=linux-kernel@vger.kernel.org \
--cc=petero2@telia.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.