Re: [PATCH] nbd: fix race in ioctl

[Jens Axboe]

On 07/29/2016 04:55 AM, Vegard Nossum wrote:
> On 05/30/2016 02:58 PM, Markus Pargmann wrote:
> > Hi,
> >
> > On Friday 27 May 2016 12:59:35 Vegard Nossum wrote:
> > > Quentin ran into this bug:
> > >
> > > WARNING: CPU: 64 PID: 10085 at fs/sysfs/dir.c:31
> > > sysfs_warn_dup+0x65/0x80
>
> [...]
>
> > > It seems fairly obvious that device_create_file() is not being protected
> > > from being run concurrently on the same nbd.
> > >
> > > Quentin found the following relevant commits:
> > >
> > > 1a2ad21 nbd: add locking to nbd_ioctl
> > > 90b8f28 [PATCH] end of methods switch: remove the old ones
> > > d4430d6 [PATCH] beginning of methods conversion
> > > 08f8585 [PATCH] move block_device_operations to blkdev.h
> > >
> > > It would seem that the race was introduced in the process of moving nbd
> > > from BKL to unlocked ioctls.
> > >
> > > By setting nbd->task_recv while the mutex is held, we can prevent other
> > > processes from running concurrently (since nbd->task_recv is also
> > > checked
> > > while the mutex is held).
> > >
> > > Reported-and-tested-by: Quentin Casasnovas
> > > <quentin.casasnovas@xxxxxxxxxx>
> > > Cc: Markus Pargmann <mpa@xxxxxxxxxxxxxx>
> > > Cc: Paul Clements <paul.clements@xxxxxxxxxxxx>
> > > Cc: Pavel Machek <pavel@xxxxxxx>
> > > Cc: Jens Axboe <axboe@xxxxxx>
> > > Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> > > Signed-off-by: Vegard Nossum <vegard.nossum@xxxxxxxxxx>
> >
> > Thanks, applied.
> >
> > Best Regards,
> >
> > Markus
>
> Hi,
>
> I didn't see this patch in the batch that went into 4.8, so I'm just
> following up to make sure it doesn't get lost.
>
> Moreover, it should also probably go into stable.

I have applied it for 4.8.

--
Jens Axboe