Re: [PATCH] fix /proc/partitions oops

From: Andrew Morton
Date: Thu Sep 07 2006 - 17:32:39 EST

Next message: Nick Piggin: "Re: [PATCH] Fix longstanding load balancing bug in the scheduler."
Previous message: Alan Stern: "Uses for memory barriers"
In reply to: James Cross: "[PATCH] fix /proc/partitions oops"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 7 Sep 2006 17:04:20 +0100 (BST)
James Cross <james_cross@xxxxxxxxxxxx> wrote:

> If show_partition happens to race with re-reading a partition table
> (rescan_partitions), sgp->part[n] can become NULL just after it's been
> tested, and so cause an oops: read it once (and read nr_sects just the
> once too, to avoid a chance of showing 0).
>

OK.

>
> block/genhd.c | 12 ++++++++----
> 1 file changed, 8 insertions(+), 4 deletions(-)
>
> --- 2.6.18-rc6/block/genhd.c.orig 2006-09-07 12:14:32.183218000 +0100
> +++ 2.6.18-rc6/block/genhd.c 2006-09-07 12:15:16.134498000 +0100
> @@ -261,14 +261,18 @@ static int show_partition(struct seq_fil
> (unsigned long long)get_capacity(sgp) >> 1,
> disk_name(sgp, 0, buf));
> for (n = 0; n < sgp->minors - 1; n++) {
> - if (!sgp->part[n])
> + struct hd_struct *partn;
> + unsigned long long nr_sects;
> +
> + partn = sgp->part[n];
> + if (!partn)
> continue;
> - if (sgp->part[n]->nr_sects == 0)
> + nr_sects = partn->nr_sects;
> + if (nr_sects == 0)
> continue;
> seq_printf(part, "%4d %4d %10llu %s\n",
> sgp->major, n + 1 + sgp->first_minor,
> - (unsigned long long)sgp->part[n]->nr_sects >> 1 ,
> - disk_name(sgp, n + 1, buf));
> + nr_sects >> 1, disk_name(sgp, n + 1, buf));
> }
>
> return 0;

But that'll leave us reading possibly-freed memory.

I expect the correct way to fix this is with locking: the /proc/partitions
reading code needs to lock down the partition information while it's
reading it.

AFAICT the appropriate lock to take is the bdev->bd_mutex on the blockdev
which represents the "whole" disk. But I'm not sure whether that's
correct, nor what the official way is of hunting down that block_device*,
nor whether the code in do_open() is managing to take the correct lock.

Cc's hopefully added.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Nick Piggin: "Re: [PATCH] Fix longstanding load balancing bug in the scheduler."
Previous message: Alan Stern: "Uses for memory barriers"
In reply to: James Cross: "[PATCH] fix /proc/partitions oops"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]