linux/drivers
Vegard Nossum 97240963eb nbd: fix race in ioctl
Quentin ran into this bug:

WARNING: CPU: 64 PID: 10085 at fs/sysfs/dir.c:31 sysfs_warn_dup+0x65/0x80
sysfs: cannot create duplicate filename '/devices/virtual/block/nbd3/pid'
Modules linked in: nbd
CPU: 64 PID: 10085 Comm: qemu-nbd Tainted: G      D         4.6.0+ #7
 0000000000000000 ffff8820330bba68 ffffffff814b8791 ffff8820330bbac8
 0000000000000000 ffff8820330bbab8 ffffffff810d04ab ffff8820330bbaa8
 0000001f00000296 0000000000017681 ffff8810380bf000 ffffffffa0001790
Call Trace:
 [<ffffffff814b8791>] dump_stack+0x4d/0x6c
 [<ffffffff810d04ab>] __warn+0xdb/0x100
 [<ffffffff810d0574>] warn_slowpath_fmt+0x44/0x50
 [<ffffffff81218c65>] sysfs_warn_dup+0x65/0x80
 [<ffffffff81218a02>] sysfs_add_file_mode_ns+0x172/0x180
 [<ffffffff81218a35>] sysfs_create_file_ns+0x25/0x30
 [<ffffffff81594a76>] device_create_file+0x36/0x90
 [<ffffffffa0000e8d>] __nbd_ioctl+0x32d/0x9b0 [nbd]
 [<ffffffff814cc8e8>] ? find_next_bit+0x18/0x20
 [<ffffffff810f7c29>] ? select_idle_sibling+0xe9/0x120
 [<ffffffff810f6cd7>] ? __enqueue_entity+0x67/0x70
 [<ffffffff810f9bf0>] ? enqueue_task_fair+0x630/0xe20
 [<ffffffff810efa76>] ? resched_curr+0x36/0x70
 [<ffffffff810f0078>] ? check_preempt_curr+0x78/0x90
 [<ffffffff810f00a2>] ? ttwu_do_wakeup+0x12/0x80
 [<ffffffff810f01b1>] ? ttwu_do_activate.constprop.86+0x61/0x70
 [<ffffffff810f0c15>] ? try_to_wake_up+0x185/0x2d0
 [<ffffffff810f0d6d>] ? default_wake_function+0xd/0x10
 [<ffffffff81105471>] ? autoremove_wake_function+0x11/0x40
 [<ffffffffa0001577>] nbd_ioctl+0x67/0x94 [nbd]
 [<ffffffff814ac0fd>] blkdev_ioctl+0x14d/0x940
 [<ffffffff811b0da2>] ? put_pipe_info+0x22/0x60
 [<ffffffff811d96cc>] block_ioctl+0x3c/0x40
 [<ffffffff811ba08d>] do_vfs_ioctl+0x8d/0x5e0
 [<ffffffff811aa329>] ? ____fput+0x9/0x10
 [<ffffffff810e9092>] ? task_work_run+0x72/0x90
 [<ffffffff811ba627>] SyS_ioctl+0x47/0x80
 [<ffffffff8185f5df>] entry_SYSCALL_64_fastpath+0x17/0x93
---[ end trace 7899b295e4f850c8 ]---

It seems fairly obvious that device_create_file() is not being protected
from being run concurrently on the same nbd.

Quentin found the following relevant commits:

1a2ad21 nbd: add locking to nbd_ioctl
90b8f28 [PATCH] end of methods switch: remove the old ones
d4430d6 [PATCH] beginning of methods conversion
08f8585 [PATCH] move block_device_operations to blkdev.h

It would seem that the race was introduced in the process of moving nbd
from BKL to unlocked ioctls.

By setting nbd->task_recv while the mutex is held, we can prevent other
processes from running concurrently (since nbd->task_recv is also checked
while the mutex is held).

Reported-and-tested-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Cc: Markus Pargmann <mpa@pengutronix.de>
Cc: Paul Clements <paul.clements@steeleye.com>
Cc: Pavel Machek <pavel@suse.cz>
Cc: Jens Axboe <axboe@fb.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
2016-08-04 14:19:16 -06:00
accessibility
acpi Merge branch 'akpm' (patches from Andrew) 2016-08-02 21:08:07 -04:00
amba
android
ata New LED class driver: 2016-07-27 14:03:52 -07:00
atm drivers: atm: nicstar: Use the correct function to free some resources 2016-07-19 11:30:26 -07:00
auxdisplay
base firmware: support loading into a pre-allocated buffer 2016-08-02 19:35:10 -04:00
bcma wireless-drivers-next patches for 4.8 2016-07-25 11:09:19 -07:00
block nbd: fix race in ioctl 2016-08-04 14:19:16 -06:00
bluetooth
bus ARM: SoC driver updates for v4.8 2016-08-01 18:36:01 -04:00
cdrom
char Merge tag 'drm-for-v4.8' of git://people.freedesktop.org/~airlied/linux 2016-08-01 21:44:08 -04:00
clk treewide: replace obsolete _refok by __ref 2016-08-02 17:31:41 -04:00
clocksource ARM: SoC driver updates for v4.8 2016-08-01 18:36:01 -04:00
connector
cpufreq ARM: SoC driver updates for v4.8 2016-08-01 18:36:01 -04:00
cpuidle powerpc updates for 4.8 # 1 2016-07-30 21:01:36 -07:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2016-08-01 14:28:42 -04:00
dax
dca
devfreq
dio
dma dmaengine updates for 4.8-rc1 2016-07-28 15:45:17 -07:00
dma-buf
edac * Altera Arria10 ethernet FIFO buffer support (Thor Thayer) 2016-07-27 13:40:47 -07:00
eisa
extcon
firewire
firmware tree-wide: replace config_enabled() with IS_ENABLED() 2016-08-04 08:50:07 -04:00
fmc
fpga drivers/fpga/Kconfig: fix build failure 2016-08-04 08:50:07 -04:00
gpio This is the bulk of GPIO changes for the v4.8 kernel cycle. 2016-07-26 19:16:01 -07:00
gpu Merge branch 'akpm' (patches from Andrew) 2016-08-04 08:51:12 -04:00
hid Merge branch 'for-4.8/hid-led' into for-linus 2016-07-28 10:49:23 +02:00
hsi
hv
hwmon hwmon updates for v4.8 (take 2) 2016-08-01 16:49:13 -04:00
hwspinlock
hwtracing Merge branch 'smp-hotplug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-07-29 13:55:30 -07:00
i2c powerpc updates for 4.8 # 1 2016-07-30 21:01:36 -07:00
ide Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide 2016-07-29 13:29:06 -07:00
idle Merge branch 'x86-cpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-07-30 12:56:26 -07:00
iio
infiniband dma-mapping: use unsigned long for dma_attrs 2016-08-04 08:50:07 -04:00
input ARM: SoC driver updates for v4.8 2016-08-01 18:36:01 -04:00
iommu dma-mapping: use unsigned long for dma_attrs 2016-08-04 08:50:07 -04:00
ipack
irqchip tree-wide: replace config_enabled() with IS_ENABLED() 2016-08-04 08:50:07 -04:00
isdn
leds powerpc updates for 4.8 # 1 2016-07-30 21:01:36 -07:00
lguest
lightnvm block: get rid of bio_rw and READA 2016-07-20 17:37:01 -06:00
macintosh powerpc updates for 4.8 # 1 2016-07-30 21:01:36 -07:00
mailbox mailbox: Fix format and type mismatches in Broadcom PDC driver 2016-07-28 21:27:31 +05:30
mcb
md Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md 2016-07-28 18:04:39 -07:00
media media updates for v4.8-rc1 2016-08-04 09:59:37 -04:00
memory MTD updates for v4.8: 2016-08-02 17:05:11 -04:00
memstick memstick: don't allocate unused major for ms_block 2016-08-02 17:31:41 -04:00
message
mfd ARM: SoC driver updates for v4.8 2016-08-01 18:36:01 -04:00
misc dma-mapping: use unsigned long for dma_attrs 2016-08-04 08:50:07 -04:00
mmc MMC core: 2016-07-31 21:36:58 -04:00
mtd tree-wide: replace config_enabled() with IS_ENABLED() 2016-08-04 08:50:07 -04:00
net tree-wide: replace config_enabled() with IS_ENABLED() 2016-08-04 08:50:07 -04:00
nfc NFC 4.8 pull request 2016-07-20 23:39:36 -07:00
ntb
nubus
nvdimm libnvdimm for 4.8 2016-07-28 17:38:16 -07:00
nvme PCI changes for the v4.8 merge window: 2016-08-02 17:12:29 -04:00
nvmem
of powerpc updates for 4.8 # 1 2016-07-30 21:01:36 -07:00
oprofile
parisc dma-mapping: use unsigned long for dma_attrs 2016-08-04 08:50:07 -04:00
parport
pci Merge branch 'akpm' (patches from Andrew) 2016-08-04 08:51:12 -04:00
pcmcia
perf Merge branch 'smp-hotplug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-07-29 13:55:30 -07:00
phy MMC core: 2016-07-31 21:36:58 -04:00
pinctrl This is the bulk of pin control changes for the v4.8 kernel cycle. 2016-07-28 17:06:51 -07:00
platform Merge tag 'drm-for-v4.8' of git://people.freedesktop.org/~airlied/linux 2016-08-01 21:44:08 -04:00
pnp PNP material for v4.8-rc1 2016-07-26 18:27:20 -07:00
power ARM: SoC driver updates for v4.8 2016-08-01 18:36:01 -04:00
powercap
pps pps: do not crash when failed to register 2016-07-23 10:25:54 +09:00
ps3
ptp
pwm ARM: SoC driver updates for v4.8 2016-08-01 18:36:01 -04:00
rapidio rapidio/switches: add driver for IDT gen3 switches 2016-08-02 19:35:38 -04:00
ras
regulator ARM: SoC driver updates for v4.8 2016-08-01 18:36:01 -04:00
remoteproc dma-mapping: use unsigned long for dma_attrs 2016-08-04 08:50:07 -04:00
reset
rpmsg
rtc
s390 - ARM: GICv3 ITS emulation and various fixes. Removal of the old 2016-08-02 16:11:27 -04:00
sbus
scsi PCI changes for the v4.8 merge window: 2016-08-02 17:12:29 -04:00
sfi
sh
sn
soc ARM: SoC driver updates for v4.8 2016-08-01 18:36:01 -04:00
spi ARM: DT updates for v4.8 2016-08-01 18:37:45 -04:00
spmi
ssb
staging media updates for v4.8-rc1 2016-08-04 09:59:37 -04:00
target Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-07-27 12:03:20 -07:00
tc
thermal
thunderbolt
tty tree-wide: replace config_enabled() with IS_ENABLED() 2016-08-04 08:50:07 -04:00
uio
usb PCI changes for the v4.8 merge window: 2016-08-02 17:12:29 -04:00
uwb
vfio vfio: platform: check reset call return code during release 2016-07-19 10:54:45 -06:00
vhost
video dma-mapping: use unsigned long for dma_attrs 2016-08-04 08:50:07 -04:00
virt
virtio mm: fix build warnings in <linux/compaction.h> 2016-07-26 16:19:19 -07:00
vlynq
vme
w1 w1:omap_hdq: fix regression 2016-08-02 19:35:40 -04:00
watchdog watchdog: gpio_wdt: Fix missing platform_set_drvdata() in gpio_wdt_probe() 2016-07-27 10:47:43 +02:00
xen dma-mapping: use unsigned long for dma_attrs 2016-08-04 08:50:07 -04:00
zorro
Kconfig
Makefile HSI changes for the v4.8 series 2016-07-27 15:18:53 -07:00