Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S964830AbbLHKIE (ORCPT <rfc822;w@1wt.eu>);
	Tue, 8 Dec 2015 05:08:04 -0500
Received: from eu-smtp-delivery-143.mimecast.com ([207.82.80.143]:60571 "EHLO
	eu-smtp-delivery-143.mimecast.com" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S932703AbbLHKH4 convert rfc822-to-8bit
	(ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Tue, 8 Dec 2015 05:07:56 -0500
Subject: Re: [PATCH] blkdev: Fix blkdev_open to release the bdev on error
To: Al Viro <viro@ZenIV.linux.org.uk>
References: <1449511503-7543-1-git-send-email-suzuki.poulose@arm.com>
 <20151208072508.GM20997@ZenIV.linux.org.uk>
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
        marc.zyngier@arm.com, torvalds@linux-foundation.org,
        Tejun Heo <tj@kernel.org>, stable@vger.kernel.org
From: "Suzuki K. Poulose" <Suzuki.Poulose@arm.com>
Message-ID: <5666ABD7.3090705@arm.com>
Date: Tue, 8 Dec 2015 10:07:19 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <20151208072508.GM20997@ZenIV.linux.org.uk>
X-OriginalArrivalTime: 08 Dec 2015 10:07:19.0961 (UTC) FILETIME=[397F0890:01D131A0]
X-MC-Unique: LlxAWy9iSRK8FlXQyLcTbw-1
Content-Type: text/plain; charset=WINDOWS-1252; format=flowed
Content-Transfer-Encoding: 8BIT
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1624
Lines: 43

On 08/12/15 07:25, Al Viro wrote:
> On Mon, Dec 07, 2015 at 06:05:03PM +0000, Suzuki K. Poulose wrote:
>> blkdev_open() doesn't release the bdev, it attached to a given
>> inode, if blkdev_get() fails (e.g, due to absence of a device).
>> This can cause kernel crashes when the original filesystem
>> tries to flush the data during evict_inode.
>>
>> This can be triggered easily with virtio-9p fs using the following
>> simple steps.
>
> ???

> How can filesystem type affect the behaviour of block devices?
>

...

>
> We should not do bd_forget() upon failing open() - what for?  As long as
> ->i_rdev remains the same, the pointer to struct bdev is valid.  It
> doesn't pin bdev down; having it (or any other alias) opened does.  When
> we decide to evict bdev, *all* aliasing inodes are dissociated from it;
> none of them is open at that point, so we are OK.  When an aliasing inode
> gets evicted, we have it dissociated from its ->i_bdev (if any).  Since we
> only access the ->i_mapping of aliasing inode while its open, those places
> are fine and anything that wants ->i_data of alias will simply find it empty.

Thanks for the detailed explanation. Surely my patch was not cooked up
on the full understanding of the bdev fs. Things are much more clear now.

> Could you confirm that the patch below fixes your problem?


Yes, it does solve the issue.

Thanks
Suzuki

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/