Re: [PATCH] nbd: fix race in ioctl

[Vegard Nossum]

On 05/30/2016 02:58 PM, Markus Pargmann wrote:
> Hi,
>
> On Friday 27 May 2016 12:59:35 Vegard Nossum wrote:
> > Quentin ran into this bug:
> >
> > WARNING: CPU: 64 PID: 10085 at fs/sysfs/dir.c:31 sysfs_warn_dup+0x65/0x80

[...]

> > It seems fairly obvious that device_create_file() is not being protected
> > from being run concurrently on the same nbd.
> >
> > Quentin found the following relevant commits:
> >
> > 1a2ad21 nbd: add locking to nbd_ioctl
> > 90b8f28 [PATCH] end of methods switch: remove the old ones
> > d4430d6 [PATCH] beginning of methods conversion
> > 08f8585 [PATCH] move block_device_operations to blkdev.h
> >
> > It would seem that the race was introduced in the process of moving nbd
> > from BKL to unlocked ioctls.
> >
> > By setting nbd->task_recv while the mutex is held, we can prevent other
> > processes from running concurrently (since nbd->task_recv is also checked
> > while the mutex is held).
> >
> > Reported-and-tested-by: Quentin Casasnovas <quentin.casasnovas@xxxxxxxxxx>
> > Cc: Markus Pargmann <mpa@xxxxxxxxxxxxxx>
> > Cc: Paul Clements <paul.clements@xxxxxxxxxxxx>
> > Cc: Pavel Machek <pavel@xxxxxxx>
> > Cc: Jens Axboe <axboe@xxxxxx>
> > Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> > Signed-off-by: Vegard Nossum <vegard.nossum@xxxxxxxxxx>
>
> Thanks, applied.
>
> Best Regards,
>
> Markus

Hi,

I didn't see this patch in the batch that went into 4.8, so I'm just
following up to make sure it doesn't get lost.

Moreover, it should also probably go into stable.


Vegard