BUG: race-cond with partition-check and ll_rw_blk (all platforms, 2.4.*!)

From: COTTE@de.ibm.com
Date: Thu Jun 07 2001 - 06:44:56 EST

Next message: David S. Miller: "Re: [PATCH] sockreg2.4.5-05 inet[6]_create() register/unregister table"
Previous message: Chris Mason: "[PATCH] reiserfs writepage <-> preallocation race"
Next in thread: Andries.Brouwer@cwi.nl: "Re: BUG: race-cond with partition-check and ll_rw_blk (all platforms, 2.4.*!)"
Maybe reply: Andries.Brouwer@cwi.nl: "Re: BUG: race-cond with partition-check and ll_rw_blk (all platforms, 2.4.*!)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi kernel-list-readers!

We just had a problem when running some formatting-utils on
a large amount of disks synchronously: We got a NULL-pointer
violation when accessig blk_size[major] for our major number.
Further research showed, that grok_partitions was running at
that time, which has been called by register_disk, which our
device driver issues after a disk has been formatted.
Grok_partitions first initializes blk_size[major] with a NULL
pointer, detects the partitions and then assigns the original
value to blk_size[major] again.
Here's the interresting code from these functions, I cut some
irrelevant things out:
>From grok_paritions:
     blk_size[dev->major] = NULL;
     check_partition(dev, MKDEV(dev->major, first_minor), 1 + first_minor);
     if (dev->sizes != NULL) {
          blk_size[dev->major] = dev->sizes;
     };
>From generic_make_request:
     if (blk_size[major]) {
               if (blk_size[major][MINOR(bh->b_rdev)]) {
                    printk(KERN_INFO
                           "attempt to access beyond end of device\n");
                    printk(KERN_INFO "%s: rw=%d, want=%ld, limit=%d\n",
                           kdevname(bh->b_rdev), rw,
                           (sector + count)>>1,
                           blk_size[major][MINOR(bh->b_rdev)]);
               }

Can anyone explain to me, why grok_partitions has to clear
this pointer? Why is this all done without any lock which causes
race conditions all over the block-device layer (for example
generic_make_request() in ll_rw_blk.c first checks if the pointer
is set and afterwards accesses the array behind the pointer)?

mit freundlichem Gru

ß / with kind regards
Carsten Otte

IBM Deutschland Entwicklung GmbH
Linux for 390/zSeries Development - Device Driver Team
Phone: +49/07031/16-4076
IBM internal phone: *120-4076

-- We are Linux. Resistance indicates that you're missing the point!

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: David S. Miller: "Re: [PATCH] sockreg2.4.5-05 inet[6]_create() register/unregister table"
Previous message: Chris Mason: "[PATCH] reiserfs writepage <-> preallocation race"
Next in thread: Andries.Brouwer@cwi.nl: "Re: BUG: race-cond with partition-check and ll_rw_blk (all platforms, 2.4.*!)"
Maybe reply: Andries.Brouwer@cwi.nl: "Re: BUG: race-cond with partition-check and ll_rw_blk (all platforms, 2.4.*!)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Jun 07 2001 - 21:01:00 EST