On Wed, 6 Feb 2013 11:39:53 -0800
Tejun Heo <[email protected]> wrote:
> idr allocation in blk_alloc_devt() wasn't synchronized against lookup
> and removal, and its limit check was off by one - 1 << MINORBITS is
> the number of minors allowed, not the maximum allowed minor.
>
> Add locking and rename MAX_EXT_DEVT to NR_EXT_DEVT and fix limit
> checking.
>
> ...
>
> --- a/block/genhd.c
> +++ b/block/genhd.c
> @@ -26,7 +26,7 @@ static DEFINE_MUTEX(block_class_lock);
> struct kobject *block_depr;
>
> /* for extended dynamic devt allocation, currently only one major is used */
> -#define MAX_EXT_DEVT (1 << MINORBITS)
> +#define NR_EXT_DEVT (1 << MINORBITS)
>
> /* For extended devt allocation. ext_devt_mutex prevents look up
> * results from going away underneath its user.
> @@ -423,17 +423,18 @@ int blk_alloc_devt(struct hd_struct *part, dev_t *devt)
> do {
> if (!idr_pre_get(&ext_devt_idr, GFP_KERNEL))
> return -ENOMEM;
> + mutex_lock(&ext_devt_mutex);
> rc = idr_get_new(&ext_devt_idr, part, &idx);
> + if (!rc && idx >= NR_EXT_DEVT) {
> + idr_remove(&ext_devt_idr, idx);
> + rc = -EBUSY;
> + }
> + mutex_unlock(&ext_devt_mutex);
> } while (rc == -EAGAIN);
>
> if (rc)
> return rc;
>
> - if (idx > MAX_EXT_DEVT) {
> - idr_remove(&ext_devt_idr, idx);
> - return -EBUSY;
> - }
> -
> *devt = MKDEV(BLOCK_EXT_MAJOR, blk_mangle_minor(idx));
> return 0;
> }
This gets all tangled up with
http://ozlabs.org/~akpm/mmotm/broken-out/block-fix-ext_devt_idr-handling.patch,
which appears to solve the same issue.
What to do?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
