[PATCH] network block device driver, kernel 2.4

From: Lou Langholtz (ldl@aros.net)
Date: Sun Apr 13 2003 - 04:32:29 EST

Next message: Tony 'Nicoya' Mantler: "Re: Quick question about hyper-threading"
Previous message: Shaheed R. Haque: "Re: Re: Processor sets (pset) for linux kernel 2.5/2.6?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Here's a simple patch to nbd.c to fix some of the potential for oopses
(and possible corruption) should the nbd-client that handed off a socket
exit (implicitly closing the socket), while the driver is still sending
requests onto that socket. The oops can easily be seen when root runs
"nbd-client -d /dev/nbX" after /dev/nbX has been setup and still has a
bunch of I/O buffered up (and is sending requests to the socket to
handle the queue). This patch doesn't change functionality.

Louis D. Langholtz

--- linux-2.4.20/drivers/block/nbd.c 2002-08-02 18:39:43.000000000 -0600
+++ linux/drivers/block/nbd.c 2003-04-13 02:24:26.000000000 -0600
@@ -26,6 +26,8 @@
  * reduce number of partial TCP segments sent. <steve@chygwyn.com>
  * 01-12-6 Fix deadlock condition by making queue locks independant of
  * the transmit lock. <steve@chygwyn.com>
+ * 03-04-12 Fix some possible ways to oops from the nbd-client closing the
+ * socket it gave us while we're still using that socket. <ldl@aros.net>
  *
  * possible FIXME: make set_sock / set_blksize / set_size / do_it one syscall
  * why not: would need verify_area and friends, would share yet another
@@ -153,7 +155,7 @@
         int result;
         struct nbd_request request;
         unsigned long size = req->nr_sectors << 9;
- struct socket *sock = lo->sock;
+ struct socket *sock;

         DEBUG("NBD: sending control, ");
         request.magic = htonl(NBD_REQUEST_MAGIC);
@@ -163,6 +165,8 @@
         memcpy(request.handle, &req, sizeof(req));

         down(&lo->tx_lock);
+ sock = lo->sock;
+ if (!sock) goto error_out; /* we got cleared */

         result = nbd_xmit(1, sock, (char *) &request, sizeof(request), req->cmd == WRITE ? MSG_MORE : 0);
         if (result <= 0)
@@ -402,7 +406,10 @@
                 if (!file)
                         return -EINVAL;
                 lo->file = NULL;
+ /* ensure we're not in critical section of nbd_send_req() */
+ down(&lo->tx_lock);
                 lo->sock = NULL;
+ up(&lo->tx_lock);
                 fput(file);
                 return 0;
         case NBD_SET_SOCK:

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tony 'Nicoya' Mantler: "Re: Quick question about hyper-threading"
Previous message: Shaheed R. Haque: "Re: Re: Processor sets (pset) for linux kernel 2.5/2.6?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Tue Apr 15 2003 - 22:00:28 EST