Hello,
syzbot found the following issue on:
HEAD commit: d2af0fa4bfa4 Add linux-next specific files for 20230220
git tree: linux-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=170d2ef0c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=594e1a56901fd35d
dashboard link: https://syzkaller.appspot.com/bug?extid=2bcc0d79e548c4f62a59
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1227e837480000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=122d8ca0c80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/83b78c113e8e/disk-d2af0fa4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/d59f9b2c9091/vmlinux-d2af0fa4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/2726c16c1d3b/bzImage-d2af0fa4.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5080 at block/bdev.c:845 blkdev_put+0x6ca/0x770 block/bdev.c:845
Modules linked in:
CPU: 1 PID: 5080 Comm: syz-executor158 Not tainted 6.2.0-rc8-next-20230220-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
RIP: 0010:blkdev_put+0x6ca/0x770 block/bdev.c:845
Code: 48 8b 3c 24 e8 b7 7c da fd e9 99 fa ff ff e8 8d 7c da fd e9 cf fb ff ff 4c 89 ff e8 80 7c da fd e9 80 fd ff ff e8 e6 ea 88 fd <0f> 0b e9 ef fc ff ff e8 8a 7c da fd e9 f3 fa ff ff 48 8b 3c 24 e8
RSP: 0018:ffffc90003cefc88 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff888144c49600 RCX: 0000000000000000
RDX: ffff88807c2f8000 RSI: ffffffff83fbb8da RDI: 0000000000000005
RBP: ffff888146bc0000 R08: 0000000000000005 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000000 R12: 00000000484e009f
R13: ffff888144c49628 R14: ffff888146bc0460 R15: ffff888144c49ab8
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb645428948 CR3: 000000000c571000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
blkdev_close+0x68/0x80 block/fops.c:507
__fput+0x27c/0xa90 fs/file_table.c:321
task_work_run+0x16f/0x270 kernel/task_work.c:179
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0xb42/0x2b60 kernel/exit.c:869
do_group_exit+0xd4/0x2a0 kernel/exit.c:1019
__do_sys_exit_group kernel/exit.c:1030 [inline]
__se_sys_exit_group kernel/exit.c:1028 [inline]
__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1028
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fb6453e4639
Code: Unable to access opcode bytes at 0x7fb6453e460f.
RSP: 002b:00007ffcfacb3ec8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007fb645458270 RCX: 00007fb6453e4639
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb645458270
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
Hi,
we are seeing a similar problem on s390x architecture when partitioning
a NVMe disk on linux-next.
[ 70.403015] nvme0n1: p1
[ 70.403197] ------------[ cut here ]------------
[ 70.403199] WARNING: CPU: 8 PID: 2452 at block/bdev.c:845 blkdev_put+0x280/0x298
[ 70.403207] Modules linked in: nft_fib_inet(E) nft_fib_ipv4(E) nft_fib_ipv6(E) nft_fib(E) nft_reject_inet(E) nf_reject_ipv4(E) nf_reject_ipv6(E) nft_reject(E) nft_ct(E) nft_chain_nat(E) nf_nat(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) ip_set(E) nf_tables(E) nfnetlink(E) sunrpc(E) binfmt_misc(E) uvdevice(E) s390_trng(E) eadm_sch(E) vfio_ccw(E) mdev(E) vfio_iommu_type1(E) vfio(E) sch_fq_codel(E) ip6_tables(E) ip_tables(E) x_tables(E) configfs(E) dm_service_time(E) ghash_s390(E) prng(E) chacha_s390(E) libchacha(E) aes_s390(E) des_s390(E) libdes(E) sha3_512_s390(E) sha3_256_s390(E) sha512_s390(E) sha256_s390(E) nvme(E) sha1_s390(E) sha_common(E) nvme_core(E) zfcp(E) scsi_transport_fc(E) dm_mirror(E) dm_region_hash(E) dm_log(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) pkey(E) zcrypt(E) rng_core(E) dm_multipath(E) autofs4(E)
[ 70.403247] CPU: 8 PID: 2452 Comm: fdisk Tainted: G E 6.3.0-20230228.rc0.git67.058f4df42121.300.fc37.s390x+next #1
[ 70.403249] Hardware name: IBM 3931 A01 701 (LPAR)
[ 70.403251] Krnl PSW : 0704d00180000000 00000000800cc56c (blkdev_put+0x284/0x298)
[ 70.403254] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3
[ 70.403257] Krnl GPRS: 00000000858a9720 00000000ffffffff 0000000000000009 000000008102d600
[ 70.403259] 0000000080a6c454 0000000000000000 0000000000000000 0000000082023c00
[ 70.403260] 000000009f3a49f8 000000009f3a4800 00000000484e109f 0000000082023c00
[ 70.403262] 00000000b0932100 000003ffa56c3b18 00000000800cc32a 00000380036b3cd8
[ 70.403268] Krnl Code: 00000000800cc55e: c0e5fffffbd9 brasl %r14,00000000800cbd10
00000000800cc564: a7f4ffaa brc 15,00000000800cc4b8
#00000000800cc568: af000000 mc 0,0
>00000000800cc56c: a7f4ff68 brc 15,00000000800cc43c
00000000800cc570: b9040023 lgr %r2,%r3
00000000800cc574: c0e5002a2d96 brasl %r14,00000000806120a0
00000000800cc57a: a7f4ff58 brc 15,00000000800cc42a
00000000800cc57e: 0707 bcr 0,%r7
[ 70.403319] Call Trace:
[ 70.403321] [<00000000800cc56c>] blkdev_put+0x284/0x298
[ 70.403325] [<00000000800cd4da>] blkdev_close+0x32/0x48
[ 70.403328] [<000000007fcee9ce>] __fput+0x96/0x290
[ 70.403332] [<000000007fa1dfe0>] task_work_run+0x88/0xe0
[ 70.403337] [<000000007fa9e5a0>] exit_to_user_mode_prepare+0x1a0/0x1a8
[ 70.403340] [<0000000080625996>] __do_syscall+0x11e/0x200
[ 70.403345] [<0000000080635162>] system_call+0x82/0xb0
[ 70.403349] Last Breaking-Event-Address:
[ 70.403350] [<00000000800cc436>] blkdev_put+0x14e/0x298
[ 70.403353] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 70.403354] CPU: 8 PID: 2452 Comm: fdisk Tainted: G E 6.3.0-20230228.rc0.git67.058f4df42121.300.fc37.s390x+next #1
[ 70.403357] Hardware name: IBM 3931 A01 701 (LPAR)
[ 70.403357] Call Trace:
[ 70.403358] [<000000008062559a>] dump_stack_lvl+0x62/0x80
[ 70.403360] [<0000000080613eb0>] panic+0x118/0x300
[ 70.403364] [<000000007f9f3a40>] check_panic_on_warn+0x70/0x88
[ 70.403367] [<000000007f9f3ce8>] __warn+0x108/0x150
[ 70.403369] [<00000000805e8d76>] report_bug+0x18e/0x1e8
[ 70.403371] [<000000007f9a11a4>] monitor_event_exception+0x44/0x80
[ 70.403374] [<0000000080625798>] __do_pgm_check+0xf0/0x1b0
[ 70.403375] [<00000000806352ec>] pgm_check_handler+0x11c/0x170
[ 70.403377] [<00000000800cc56c>] blkdev_put+0x284/0x298
[ 70.403380] [<00000000800cd4da>] blkdev_close+0x32/0x48
[ 70.403382] [<000000007fcee9ce>] __fput+0x96/0x290
[ 70.403384] [<000000007fa1dfe0>] task_work_run+0x88/0xe0
[ 70.403386] [<000000007fa9e5a0>] exit_to_user_mode_prepare+0x1a0/0x1a8
[ 70.403388] [<0000000080625996>] __do_syscall+0x11e/0x200
[ 70.403390] [<0000000080635162>] system_call+0x82/0xb0
The problem appeared about a week ago.
Regards
Alex
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in blkdev_flush_mapping
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5617 at block/bdev.c:582 blkdev_flush_mapping+0x293/0x310 block/bdev.c:582
Modules linked in:
CPU: 1 PID: 5617 Comm: syz-executor.0 Not tainted 6.2.0-syzkaller-13277-g2eb29d59ddf0-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
RIP: 0010:blkdev_flush_mapping+0x293/0x310 block/bdev.c:582
Code: e8 a2 24 6c fd e9 5a ff ff ff e8 18 82 88 fd 48 89 ef 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f e9 32 f8 1e 06 e8 fd 81 88 fd <0f> 0b e9 bc fd ff ff e8 b1 fd d9 fd e9 9a fd ff ff 48 8b 3c 24 e8
RSP: 0018:ffffc90004b0fd10 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: ffff8880241f9d40 RSI: ffffffff83fc7843 RDI: 0000000000000005
RBP: ffff88801ea51001 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000000 R12: 00000000484e009f
R13: ffff88801bd36328 R14: ffff88801bd36300 R15: 0000000000000000
FS: 000055555667d400(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd2b67cf70 CR3: 0000000029003000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
blkdev_put_whole+0xd1/0xf0 block/bdev.c:615
blkdev_put+0x224/0x7e0 block/bdev.c:878
blkdev_close+0x68/0x80 block/fops.c:507
__fput+0x27c/0xa90 fs/file_table.c:321
task_work_run+0x16f/0x270 kernel/task_work.c:179
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:203
__syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296
do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f657123dfab
Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
RSP: 002b:00007ffc3ff573b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f657123dfab
RDX: 00007f6570e00120 RSI: ffffffffffffffff RDI: 0000000000000003
RBP: 00007f65713ad980 R08: 0000000000000000 R09: 00007f6570e00000
R10: 00007f6570e00128 R11: 0000000000000293 R12: 0000000000015b6b
R13: 00007ffc3ff574b0 R14: 00007f65713abf80 R15: 0000000000000032
</TASK>
Tested on:
commit: 2eb29d59 Merge tag 'drm-next-2023-03-03-1' of git://an..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=111f9404c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=cab35c936731a347
dashboard link: https://syzkaller.appspot.com/bug?extid=2bcc0d79e548c4f62a59
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=12380f7f480000
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-and-tested-by: [email protected]
Tested on:
commit: 2eb29d59 Merge tag 'drm-next-2023-03-03-1' of git://an..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=10467122c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=cab35c936731a347
dashboard link: https://syzkaller.appspot.com/bug?extid=2bcc0d79e548c4f62a59
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=10d3ef60c80000
Note: testing is done by a robot and is best-effort only.
On Thu, 2023-03-02 at 20:33 +0100, Alexander Egorenkov wrote:
>
> Hi,
>
> we are seeing a similar problem on s390x architecture when
> partitioning
> a NVMe disk on linux-next.
>
>
> [ 70.403015] nvme0n1: p1
> [ 70.403197] ------------[ cut here ]------------
> [ 70.403199] WARNING: CPU: 8 PID: 2452 at block/bdev.c:845
> blkdev_put+0x280/0x298
...
> The problem appeared about a week ago.
>
> Regards
> Alex
Hi all,
I bisected this to:
commit e5cfefa97bccf956ea0bb6464c1f6c84fd7a8d9f
Author: Yu Kuai <[email protected]>
Date: Fri Feb 17 10:22:00 2023 +0800
block: fix scan partition for exclusively open device again
As explained in commit 36369f46e917 ("block: Do not reread
partition table
on exclusively open device"), reread partition on the device that
is
exclusively opened by someone else is problematic.
This patch will make sure partition scan will only be proceed if
current
thread open the device exclusively, or the device is not opened
exclusively, and in the later case, other scanners and exclusive
openers
will be blocked temporarily until partition scan is done.
Fixes: 10c70d95c0f2 ("block: remove the bd_openers checks in
blk_drop_partitions")
Cc: <[email protected]>
Suggested-by: Jan Kara <[email protected]>
Signed-off-by: Yu Kuai <[email protected]>
Reviewed-by: Christoph Hellwig <[email protected]>
Link:
https://lore.kernel.org/r/[email protected]
Signed-off-by: Jens Axboe <[email protected]>
Regards
Julian
--
Julian Ruess
Linux on IBM Z Development
IBM Deutschland Research & Development GmbH
Dept 1419, Schoenaicher Str. 220, 71032 Boeblingen,
Vorsitzender des Aufsichtsrats: Gregor Pillen, Geschäftsführung: David
Faller
Sitz der Gesellschaft: Böblingen, Registergericht: Amtsgericht
Stuttgart, HRB 243294
IBM Data Privacy Statement - https://www.ibm.com/privacy
Hi,
在 2023/03/06 23:00, Julian Ruess 写道:
> On Thu, 2023-03-02 at 20:33 +0100, Alexander Egorenkov wrote:
>>
>> Hi,
>>
>> we are seeing a similar problem on s390x architecture when
>> partitioning
>> a NVMe disk on linux-next.
>>
>>
>> [ 70.403015] nvme0n1: p1
>> [ 70.403197] ------------[ cut here ]------------
>> [ 70.403199] WARNING: CPU: 8 PID: 2452 at block/bdev.c:845
>> blkdev_put+0x280/0x298
>
> ...
>
>> The problem appeared about a week ago.
>>
>> Regards
>> Alex
>
> Hi all,
>
> I bisected this to:
>
> commit e5cfefa97bccf956ea0bb6464c1f6c84fd7a8d9f
> Author: Yu Kuai <[email protected]>
> Date: Fri Feb 17 10:22:00 2023 +0800
>
> block: fix scan partition for exclusively open device again
Yes, thanks for the report, I figure out that I made a mistake here.
Following patch should fix this problem:
diff --git a/block/genhd.c b/block/genhd.c
index 3ee5577e1586..02d9cfb9e077 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -385,7 +385,7 @@ int disk_scan_partitions(struct gendisk *disk,
fmode_t mode)
if (IS_ERR(bdev))
ret = PTR_ERR(bdev);
else
- blkdev_put(bdev, mode);
+ blkdev_put(bdev, mode & ~FMODE_EXCL);
Thanks,
Kuai
>
> As explained in commit 36369f46e917 ("block: Do not reread
> partition table
> on exclusively open device"), reread partition on the device that
> is
> exclusively opened by someone else is problematic.
>
> This patch will make sure partition scan will only be proceed if
> current
> thread open the device exclusively, or the device is not opened
> exclusively, and in the later case, other scanners and exclusive
> openers
> will be blocked temporarily until partition scan is done.
>
> Fixes: 10c70d95c0f2 ("block: remove the bd_openers checks in
> blk_drop_partitions")
> Cc: <[email protected]>
> Suggested-by: Jan Kara <[email protected]>
> Signed-off-by: Yu Kuai <[email protected]>
> Reviewed-by: Christoph Hellwig <[email protected]>
> Link:
> https://lore.kernel.org/r/[email protected]
>
> Signed-off-by: Jens Axboe <[email protected]>
>
>
>
> Regards
> Julian
>
On Tue, 2023-03-07 at 09:42 +0800, Yu Kuai wrote:
> Hi,
>
> 在 2023/03/06 23:00, Julian Ruess 写道:
> > On Thu, 2023-03-02 at 20:33 +0100, Alexander Egorenkov wrote:
> > >
> > > Hi,
> > >
> > > we are seeing a similar problem on s390x architecture when
> > > partitioning
> > > a NVMe disk on linux-next.
> > >
> > >
> > > [ 70.403015] nvme0n1: p1
> > > [ 70.403197] ------------[ cut here ]------------
> > > [ 70.403199] WARNING: CPU: 8 PID: 2452 at block/bdev.c:845
> > > blkdev_put+0x280/0x298
> >
> > ...
> >
> > > The problem appeared about a week ago.
> > >
> > > Regards
> > > Alex
> >
> > Hi all,
> >
> > I bisected this to:
> >
> > commit e5cfefa97bccf956ea0bb6464c1f6c84fd7a8d9f
> > Author: Yu Kuai <[email protected]>
> > Date: Fri Feb 17 10:22:00 2023 +0800
> >
> >
> > block: fix scan partition for exclusively open device again
>
> Yes, thanks for the report, I figure out that I made a mistake here.
>
> Following patch should fix this problem:
>
> diff --git a/block/genhd.c b/block/genhd.c
> index 3ee5577e1586..02d9cfb9e077 100644
> --- a/block/genhd.c
> +++ b/block/genhd.c
> @@ -385,7 +385,7 @@ int disk_scan_partitions(struct gendisk *disk,
> fmode_t mode)
> if (IS_ERR(bdev))
> ret = PTR_ERR(bdev);
> else
> - blkdev_put(bdev, mode);
> + blkdev_put(bdev, mode & ~FMODE_EXCL);
>
> Thanks,
> Kuai
> >
> >
> > As explained in commit 36369f46e917 ("block: Do not reread
> > partition table
> > on exclusively open device"), reread partition on the device
> > that
> > is
> > exclusively opened by someone else is problematic.
> >
> >
> > This patch will make sure partition scan will only be proceed
> > if
> > current
> > thread open the device exclusively, or the device is not
> > opened
> > exclusively, and in the later case, other scanners and
> > exclusive
> > openers
> > will be blocked temporarily until partition scan is done.
> >
> >
> > Fixes: 10c70d95c0f2 ("block: remove the bd_openers checks in
> > blk_drop_partitions")
> > Cc: <[email protected]>
> > Suggested-by: Jan Kara <[email protected]>
> > Signed-off-by: Yu Kuai <[email protected]>
> > Reviewed-by: Christoph Hellwig <[email protected]>
> > Link:
> > https://lore.kernel.org/r/[email protected]
> >
> > Signed-off-by: Jens Axboe <[email protected]>
> >
> >
> >
> > Regards
> > Julian
> >
>
This patch works for me. Thanks!
@Jens Axboe: Will this be part of the next 6.3-rc?
Regards
Julian
From: Yu Kuai <[email protected]>
If disk_scan_partitions() is called with 'FMODE_EXCL',
blkdev_get_by_dev() will be called without 'FMODE_EXCL', however, follow
blkdev_put() is still called with 'FMODE_EXCL', which will cause
'bd_holders' counter to leak.
Fix the problem by using the right mode for blkdev_put().
Reported-by: [email protected]
Link: https://lore.kernel.org/lkml/[email protected]/T/
Tested-by: Julian Ruess <[email protected]>
Fixes: e5cfefa97bcc ("block: fix scan partition for exclusively open device again")
Signed-off-by: Yu Kuai <[email protected]>
---
block/genhd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/genhd.c b/block/genhd.c
index 3ee5577e1586..02d9cfb9e077 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -385,7 +385,7 @@ int disk_scan_partitions(struct gendisk *disk, fmode_t mode)
if (IS_ERR(bdev))
ret = PTR_ERR(bdev);
else
- blkdev_put(bdev, mode);
+ blkdev_put(bdev, mode & ~FMODE_EXCL);
if (!(mode & FMODE_EXCL))
bd_abort_claiming(disk->part0, disk_scan_partitions);
--
2.31.1
On Tue 07-03-23 18:55:52, Yu Kuai wrote:
> From: Yu Kuai <[email protected]>
>
> If disk_scan_partitions() is called with 'FMODE_EXCL',
> blkdev_get_by_dev() will be called without 'FMODE_EXCL', however, follow
> blkdev_put() is still called with 'FMODE_EXCL', which will cause
> 'bd_holders' counter to leak.
>
> Fix the problem by using the right mode for blkdev_put().
>
> Reported-by: [email protected]
> Link: https://lore.kernel.org/lkml/[email protected]/T/
> Tested-by: Julian Ruess <[email protected]>
> Fixes: e5cfefa97bcc ("block: fix scan partition for exclusively open device again")
> Signed-off-by: Yu Kuai <[email protected]>
Thanks for fixing this! Feel free to add:
Reviewed-by: Jan Kara <[email protected]>
Honza
> ---
> block/genhd.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/block/genhd.c b/block/genhd.c
> index 3ee5577e1586..02d9cfb9e077 100644
> --- a/block/genhd.c
> +++ b/block/genhd.c
> @@ -385,7 +385,7 @@ int disk_scan_partitions(struct gendisk *disk, fmode_t mode)
> if (IS_ERR(bdev))
> ret = PTR_ERR(bdev);
> else
> - blkdev_put(bdev, mode);
> + blkdev_put(bdev, mode & ~FMODE_EXCL);
>
> if (!(mode & FMODE_EXCL))
> bd_abort_claiming(disk->part0, disk_scan_partitions);
> --
> 2.31.1
>
--
Jan Kara <[email protected]>
SUSE Labs, CR
On Tue, 07 Mar 2023 18:55:52 +0800, Yu Kuai wrote:
> If disk_scan_partitions() is called with 'FMODE_EXCL',
> blkdev_get_by_dev() will be called without 'FMODE_EXCL', however, follow
> blkdev_put() is still called with 'FMODE_EXCL', which will cause
> 'bd_holders' counter to leak.
>
> Fix the problem by using the right mode for blkdev_put().
>
> [...]
Applied, thanks!
[1/1] block: fix wrong mode for blkdev_put() from disk_scan_partitions()
commit: 428913bce1e67ccb4dae317fd0332545bf8c9233
Best regards,
--
Jens Axboe