From: Alban Crequy <alban.crequy@seanodes.com>
To: Al Viro <viro@ftp.linux.org.uk>
Cc: jens.axboe@oracle.com, linux-kernel@vger.kernel.org
Subject: Re: [RFC] error management in add_disk()
Date: Wed, 25 Jul 2007 17:29:56 +0200
Message-ID: <20070725172956.2fa5b63e@alban>
In-Reply-To: <20070724132805.GR21668@ftp.linux.org.uk>

On Tue, 24 Jul 2007 14:28:05 +0100,
Al Viro <viro@ftp.linux.org.uk> wrote:

>On Tue, Jul 24, 2007 at 01:57:53PM +0200, Alban Crequy wrote:
>> Hi,
>>
>> I have a problem with the error management of add_disk() and
>> del_gendisk().
>>
>> add_disk() adds an entry in /sys/block/<name>. The filename
>> in /sys/block is not (struct gen_disk)->disk_name but more or less
>> the first KOBJ_NAME_LEN characters of (struct gen_disk)->disk_name.
>>
>> #define KOBJ_NAME_LEN 20
>>
>> My problem occurs when we try to add 2 disks with different names,
>> but when the KOBJ_NAME_LEN first characters are the same.
>
>So don't do that.

I no longer do that. But I still think it would be better if we found a
way to manage errors in that case.

I fear that parts of the kernel make this error. For example, an old
version of GFS has this code:
http://csourcesearch.net/package/gfs-kernel/2.6.9/gfs-kernel-2.6.9-27/src/gfs/diaper.c

    char buf[BDEVNAME_SIZE];
    bdevname(real, buf);
    snprintf(gd->disk_name, sizeof(gd->disk_name), "diapered_%s", buf);

Since BDEVNAME_SIZE is 32 and KOBJ_NAME_LEN is 20, the bug happens quite
easily.

I did not check closely if this is a problem, but there are other parts
in the current kernel that build the disk_name with snprintf("...%s...").

>> The attached test module triggers the problem. You can try something
>> like: for i in $(seq 1 100) ; do insmod ./adddiskbug.ko ; rmmod
>> adddiskbug ; done
>>
>> The attached patch fixes the problem by changing the prototype of
>> add_disk() and register_disk() to return errors.
>
>This is bogus. Just what would callers do with these error values?
>Ignore them silently? Bail out? Can't do - at that point disk just
>might have been opened already. add_disk() is the point of no return;
>we are already past the last point where we could bail out.

I missed that point - that the disk might have been opened. Where is
the point of no return in add_disk() exactly? Is it really before the
kobject_add() that causes the problem?

In this case, perhaps we can 1/ check that the kobject_add() will not
fail before the point of no return, 2/ pass this point and then 3/ do
the kobject_add(). And add appropriate locking to ensure that nobody
adds another disk with the same 20-character truncated name between 1/
and 3/.
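
The name collision discussed in this message, and a pre-check on the truncated name in the spirit of step 1/, as an added user-space example that is not part of the original message and is not kernel code. The registry struct, sysfs_name(), name_taken(), add_name(), DISK_NAME_LEN, MAX_DISKS and the device names are assumptions made for illustration; truncation is modelled as a copy into a KOBJ_NAME_LEN-byte buffer.

```c
#include <stdio.h>
#include <string.h>

#define KOBJ_NAME_LEN 20 /* value quoted in the message */
#define DISK_NAME_LEN 32 /* assumption: size of gd->disk_name */
#define MAX_DISKS 8      /* hypothetical table size */

/* Hypothetical stand-in for the set of names already in /sys/block. */
struct registry {
    char names[MAX_DISKS][KOBJ_NAME_LEN];
    int count;
};

/* Assumed truncation model: the name is copied into a KOBJ_NAME_LEN buffer. */
static void sysfs_name(const char *disk_name, char *out)
{
    snprintf(out, KOBJ_NAME_LEN, "%s", disk_name);
}

/* Step 1/: return 1 if the truncated name is already registered. */
static int name_taken(const struct registry *r, const char *disk_name)
{
    char key[KOBJ_NAME_LEN];
    sysfs_name(disk_name, key);
    for (int i = 0; i < r->count; i++)
        if (strcmp(r->names[i], key) == 0)
            return 1;
    return 0;
}

/* Steps 1/ and 3/ together; returns 0 on success, -1 on collision or full table. */
static int add_name(struct registry *r, const char *disk_name)
{
    if (r->count == MAX_DISKS || name_taken(r, disk_name))
        return -1;
    sysfs_name(disk_name, r->names[r->count++]);
    return 0;
}

int main(void)
{
    struct registry r = { .count = 0 };
    char a[DISK_NAME_LEN], b[DISK_NAME_LEN];
    /* Constructed device names that differ only in the last character. */
    snprintf(a, sizeof(a), "diapered_%s", "mapper-vol-0001");
    snprintf(b, sizeof(b), "diapered_%s", "mapper-vol-0002");
    printf("%s -> %d\n", a, add_name(&r, a));
    printf("%s -> %d\n", b, add_name(&r, b));
    return 0;
}
```

In a concurrent setting the check and the insertion would have to happen under one lock, which is the locking the message asks for between 1/ and 3/.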