* [PATCH] network block device driver, kernel 2.4
@ 2003-04-13 9:32 Lou Langholtz
0 siblings, 0 replies; only message in thread
From: Lou Langholtz @ 2003-04-13 9:32 UTC (permalink / raw)
To: linux-kernel; +Cc: alan, marcelo
[-- Attachment #1: Type: text/plain, Size: 510 bytes --]
Here's a simple patch to nbd.c to fix some of the potential for oopses
(and possible corruption) should the nbd-client that handed off a socket
exit (implicitly closing the socket), while the driver is still sending
requests onto that socket. The oops can easily be seen when root runs
"nbd-client -d /dev/nbX" after /dev/nbX has been setup and still has a
bunch of I/O buffered up (and is sending requests to the socket to
handle the queue). This patch doesn't change functionality.
Louis D. Langholtz
[-- Attachment #2: nbd.diff --]
[-- Type: text/plain, Size: 1431 bytes --]
--- linux-2.4.20/drivers/block/nbd.c 2002-08-02 18:39:43.000000000 -0600
+++ linux/drivers/block/nbd.c 2003-04-13 02:24:26.000000000 -0600
@@ -26,6 +26,8 @@
* reduce number of partial TCP segments sent. <steve@chygwyn.com>
* 01-12-6 Fix deadlock condition by making queue locks independant of
* the transmit lock. <steve@chygwyn.com>
+ * 03-04-12 Fix some possible ways to oops from the nbd-client closing the
+ * socket it gave us while we're still using that socket. <ldl@aros.net>
*
* possible FIXME: make set_sock / set_blksize / set_size / do_it one syscall
* why not: would need verify_area and friends, would share yet another
@@ -153,7 +155,7 @@
int result;
struct nbd_request request;
unsigned long size = req->nr_sectors << 9;
- struct socket *sock = lo->sock;
+ struct socket *sock;
DEBUG("NBD: sending control, ");
request.magic = htonl(NBD_REQUEST_MAGIC);
@@ -163,6 +165,8 @@
memcpy(request.handle, &req, sizeof(req));
down(&lo->tx_lock);
+ sock = lo->sock;
+ if (!sock) goto error_out; /* we got cleared */
result = nbd_xmit(1, sock, (char *) &request, sizeof(request), req->cmd == WRITE ? MSG_MORE : 0);
if (result <= 0)
@@ -402,7 +406,10 @@
if (!file)
return -EINVAL;
lo->file = NULL;
+ /* ensure we're not in critical section of nbd_send_req() */
+ down(&lo->tx_lock);
lo->sock = NULL;
+ up(&lo->tx_lock);
fput(file);
return 0;
case NBD_SET_SOCK:
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2003-04-13 8:46 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-04-13 9:32 [PATCH] network block device driver, kernel 2.4 Lou Langholtz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox