Re: [PATCH] blkdev: Fix blkdev_open to release the bdev on error

[Suzuki K. Poulose]

On 08/12/15 07:25, Al Viro wrote:
> On Mon, Dec 07, 2015 at 06:05:03PM +0000, Suzuki K. Poulose wrote:
> > blkdev_open() doesn't release the bdev, it attached to a given
> > inode, if blkdev_get() fails (e.g, due to absence of a device).
> > This can cause kernel crashes when the original filesystem
> > tries to flush the data during evict_inode.
> >
> > This can be triggered easily with virtio-9p fs using the following
> > simple steps.
>
> ???

> How can filesystem type affect the behaviour of block devices?

...

> We should not do bd_forget() upon failing open() - what for?  As long as
> ->i_rdev remains the same, the pointer to struct bdev is valid.  It
> doesn't pin bdev down; having it (or any other alias) opened does.  When
> we decide to evict bdev, *all* aliasing inodes are dissociated from it;
> none of them is open at that point, so we are OK.  When an aliasing inode
> gets evicted, we have it dissociated from its ->i_bdev (if any).  Since we
> only access the ->i_mapping of aliasing inode while its open, those places
> are fine and anything that wants ->i_data of alias will simply find it empty.

Thanks for the detailed explanation. Surely my patch was not cooked up
on the full understanding of the bdev fs. Things are much more clear now.

> Could you confirm that the patch below fixes your problem?


Yes, it does solve the issue.

Thanks
Suzuki

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/