From: Anton Volkov
Subject: Possible race in loop.ko
To: axboe@fb.com
Cc: tom.leiming@gmail.com, osandov@fb.com, linux-kernel@vger.kernel.org, ldv-project@linuxtesting.org, khoroshilov@ispras.ru
Date: Fri, 28 Jul 2017 18:55:49 +0300

Hello.

While searching for races in the Linux kernel I've come across the
drivers/block/loop.ko module. Here is the question that I came up with
while analyzing the results. Lines are given using the info from Linux v4.12.

In the loop_init function, additional initialization happens after a
successful call to misc_register() (loop.c: line 1961). Consider the
following case:

Thread 1:                       Thread 2:
loop_init()
    misc_register()
                                loop_control_ioctl
    part_shift = 0              -> loop_add
    if (max_part > 0) {            alloc_disk(1 << part_shift)
        part_shift = ...
    }

In this case alloc_disk() will be called with 1 as a parameter although
part_shift should have been greater than 0. Maybe it would be better to
move the call to the misc_register() function a bit further down (at least
so it could be after the part_shift initialization)?

Thank you for your time.

-- 
Anton Volkov
Linux Verification Center, ISPRAS
web: http://linuxtesting.org
e-mail: avolkov@ispras.ru
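
The ordering described in the message above, as an added example that is not part of the original e-mail and is not code from loop.c: a single-threaded C model in which the racing ioctl is delivered at the earliest point the control device is reachable, once with registration before the part_shift setup and once after it. The model_* helpers, racing_ioctl, the minors_* functions and the shift computation standing in for the elided "part_shift = ..." are all assumptions.

```c
#include <stdio.h>

/* Constructed userspace model of the ordering in the message; not loop.c. */
static int part_shift, max_part;
static int minors_seen;              /* argument the modeled alloc_disk() got */
static void (*control_ioctl)(void);  /* non-NULL once the device is registered */

/* Stand-in for loop_control_ioctl -> loop_add -> alloc_disk(1 << part_shift). */
static void model_loop_add(void) { minors_seen = 1 << part_shift; }
/* Stand-in for misc_register(): after this, the ioctl path is reachable. */
static void model_misc_register(void) { control_ioctl = model_loop_add; }
/* Thread 2 arriving at the earliest point the device can be reached. */
static void racing_ioctl(void) { if (control_ioctl) control_ioctl(); }
/* Assumed placeholder for the elided "part_shift = ..." (bit length of n). */
static int model_shift(int n) { int s = 0; while (n > 0) { s++; n >>= 1; } return s; }

static void init_part_shift(void)
{
    part_shift = 0;
    if (max_part > 0)
        part_shift = model_shift(max_part);
}
static void reset(int mp) { part_shift = 0; max_part = mp; minors_seen = 0; control_ioctl = NULL; }

/* Order reported in the message: register, then finish initialization. */
int minors_register_first(int mp)
{
    reset(mp);
    model_misc_register();
    racing_ioctl();          /* race window: part_shift is still 0 */
    init_part_shift();
    return minors_seen;
}

/* Order proposed in the message: finish initialization, then register. */
int minors_register_last(int mp)
{
    reset(mp);
    init_part_shift();
    model_misc_register();
    racing_ioctl();          /* same arrival point, state is now complete */
    return minors_seen;
}

int main(void)
{
    printf("register first: alloc_disk(%d)\n", minors_register_first(15));
    printf("register last:  alloc_disk(%d)\n", minors_register_last(15));
    return 0;
}
```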