Re: [PATCH] loop: fix to a race condition due to the early registration of device
From: Ming Lei
Date: Sun Aug 06 2017 - 22:39:54 EST
On Thu, Aug 3, 2017 at 11:01 PM, Anton Volkov <avolkov@xxxxxxxxx> wrote:
> The early device registration made possible a race leading to allocations
> of disks with wrong minors.
>
> This patch moves the device registration further down the loop_init
> function to make the race infeasible.
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Anton Volkov <avolkov@xxxxxxxxx>
> ---
> drivers/block/loop.c | 14 ++++++++------
> 1 file changed, 8 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/block/loop.c b/drivers/block/loop.c
> index ef83349..2fbd4089 100644
> --- a/drivers/block/loop.c
> +++ b/drivers/block/loop.c
> @@ -1996,10 +1996,6 @@ static int __init loop_init(void)
> struct loop_device *lo;
> int err;
>
> - err = misc_register(&loop_misc);
> - if (err < 0)
> - return err;
> -
> part_shift = 0;
> if (max_part > 0) {
> part_shift = fls(max_part);
> @@ -2017,12 +2013,12 @@ static int __init loop_init(void)
>
> if ((1UL << part_shift) > DISK_MAX_PARTS) {
> err = -EINVAL;
> - goto misc_out;
> + goto err_out;
> }
>
> if (max_loop > 1UL << (MINORBITS - part_shift)) {
> err = -EINVAL;
> - goto misc_out;
> + goto err_out;
> }
>
> /*
> @@ -2041,6 +2037,11 @@ static int __init loop_init(void)
> range = 1UL << MINORBITS;
> }
>
> + err = misc_register(&loop_misc);
> + if (err < 0)
> + goto err_out;
> +
> +
> if (register_blkdev(LOOP_MAJOR, "loop")) {
> err = -EIO;
> goto misc_out;
> @@ -2060,6 +2061,7 @@ static int __init loop_init(void)
>
> misc_out:
> misc_deregister(&loop_misc);
> +err_out:
> return err;
> }
>
> --
> 2.7.4
>
Looks fine:
Reviewed-by: Ming Lei <ming.lei@xxxxxxxxxx>
BTW, this patch should have been CCed to linux-block mail list.
Thanks,
Ming Lei