github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-24 15:11:55 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
56c0908c85
linux/include
History
Jan Kara 56c0908c85 genhd: Fix BUG in blkdev_open() 
When two blkdev_open() calls for a partition race with device removal
and recreation, we can hit BUG_ON(!bd_may_claim(bdev, whole, holder)) in
blkdev_open(). The race can happen as follows:

CPU0				CPU1			CPU2
							del_gendisk()
							  bdev_unhash_inode(part1);

blkdev_open(part1, O_EXCL)	blkdev_open(part1, O_EXCL)
  bdev = bd_acquire()		  bdev = bd_acquire()
  blkdev_get(bdev)
    bd_start_claiming(bdev)
      - finds old inode 'whole'
      bd_prepare_to_claim() -> 0
							  bdev_unhash_inode(whole);
							<device removed>
							<new device under same
							 number created>
				  blkdev_get(bdev);
				    bd_start_claiming(bdev)
				      - finds new inode 'whole'
				      bd_prepare_to_claim()
					- this also succeeds as we have
					  different 'whole' here...
					- bad things happen now as we
					  have two exclusive openers of
					  the same bdev

The problem here is that block device opens can see various intermediate
states while gendisk is shutting down and then being recreated.

We fix the problem by introducing new lookup_sem in gendisk that
synchronizes gendisk deletion with get_gendisk() and furthermore by
making sure that get_gendisk() does not return gendisk that is being (or
has been) deleted. This makes sure that once we ever manage to look up
newly created bdev inode, we are also guaranteed that following
get_gendisk() will either return failure (and we fail open) or it
returns gendisk for the new device and following bdget_disk() will
return new bdev inode (i.e., blkdev_open() follows the path as if it is
completely run after new device is created).

Reported-and-analyzed-by: Hou Tao <houtao1@huawei.com>
Tested-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2018-02-26 09:48:42 -07:00
..
acpi ACPICA: Update version to 20180105 2018-02-06 10:32:13 +01:00
asm-generic bug.h: work around GCC PR82365 in BUG() 2018-02-21 15:35:43 -08:00
clocksource
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-01-31 14:22:45 -08:00
drm drm/graphics pull request for v4.16-rc1 2018-02-01 17:48:47 -08:00
dt-bindings MIPS changes for 4.16 2018-02-07 11:22:44 -08:00
keys
kvm KVM changes for 4.16 2018-02-10 13:16:35 -08:00
linux genhd: Fix BUG in blkdev_open() 2018-02-26 09:48:42 -07:00
math-emu
media vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
memory
misc powerpc updates for 4.16 2018-02-02 10:01:04 -08:00
net udplite: fix partial checksum initialization 2018-02-16 15:57:42 -05:00
pcmcia
ras
rdma IB/uverbs: Use u64_to_user_ptr() not a union 2018-02-15 14:59:45 -07:00
scsi SCSI postmerge on 20180202 2018-02-03 13:07:56 -08:00
soc ARM: SoC driver updates for 4.16 2018-02-01 16:35:31 -08:00
sound Merge branch 'topic/fixes' into for-linus 2018-02-12 09:36:26 +01:00
target
trace Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-02-14 17:02:15 -08:00
uapi First pull request for the 4.16 rc cycle 2018-02-22 11:57:39 -08:00
video fbdev changes for v4.16: 2018-02-07 13:10:43 -08:00
xen