Re: nbd: add locking to nbd_ioctl

From: Pavel Machek
Date: Mon Jan 19 2009 - 04:55:48 EST

Next message: Uwe Kleine-König: "Re: [RFC 2.6.28 1/2] gpiolib: add set/get batch v4"
Previous message: Zdenek Kabelac: "Re: 2.6.29-rc1 does not resume on Lenove T61"
In reply to: Paul Clements: "Re: nbd: add locking to nbd_ioctl"
Next in thread: Paul Clements: "Re: nbd: add locking to nbd_ioctl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Pavel Machek wrote:
> >On Fri 2009-01-16 10:24:06, Paul Clements wrote:
> >>Pavel Machek wrote:
> >>>The code was written with "oh big kernel lock, please protect me from
> >>>all the evil" mentality: it does not locks its own data structures, it
> >>>just hopes that big kernel lock somehow helps.
> >>>
> >>>It does not. (My fault).
> >>>
> >>>So this uses tx_lock to protect data structures from concurrent use
> >>>between ioctl and worker threads.
> >>What is the particular problem that this fixes? I thought we had already
> >>been careful to take tx_lock where necessary to protect data structures.
> >> Perhaps there is something I missed?
> >
> >for example lo->sock / lo->file are written to without holding any
> >lock in current code. (lo->xmit_timeout has similar problem, and other
> >fields, too).
>
> lo->sock is only modified under tx_lock (except for SET_SOCK, where the
> device is being initialized, in which case it's impossible for any other
> thread to be accessing the device)

Well, unless the user is evil or confused? :-).

> no one else uses lo->file except for the ioctls
>
> I agree that if you really misuse the ioctls you could potentially get
> yourself in trouble with the xmit_timeout (the timer not being deleted
> or initialized properly if you hit the correct window). Taking tx_lock
> would prevent this.

Good.

> As for other fields, I assume you're talking about blksize, et al.
> Taking tx_lock doesn't prevent you from screwing yourself if you modify
> those while the device is active. You'd need to disallow those ioctls
> when the device is active (check lo->file). Again, this is only going to
> happen if you really misuse the ioctls.

Ok, I'll take a look at the missing checks. I'd really like to make
this "stable" -- no ammount of misuse should crash the kernel.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Uwe Kleine-König: "Re: [RFC 2.6.28 1/2] gpiolib: add set/get batch v4"
Previous message: Zdenek Kabelac: "Re: 2.6.29-rc1 does not resume on Lenove T61"
In reply to: Paul Clements: "Re: nbd: add locking to nbd_ioctl"
Next in thread: Paul Clements: "Re: nbd: add locking to nbd_ioctl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]