From: Ming Lei
Date: Tue, 1 Aug 2017 20:39:13 +0800
Subject: Re: Possible race in loop.ko
To: Anton Volkov
Cc: Jens Axboe, Omar Sandoval, Linux Kernel Mailing List, ldv-project@linuxtesting.org, Alexey Khoroshilov

On Fri, Jul 28, 2017 at 11:55 PM, Anton Volkov wrote:
> Hello.
> While searching for races in Linux kernel I've come across
> drivers/block/loop.ko module. Here is the question that I came up with while
> analyzing results. Lines are given using the info from Linux v4.12.
>
> In loop_init function additional initialization happens after a successful
> call to misc_register() (loop.c: line 1961). Consider the following case:
>
> Thread 1:                      Thread 2:
> loop_init()
>     misc_register()            loop_control_ioctl
>     part_shift = 0             -> loop_add
>     if (max_part > 0) {            alloc_disk(1 << part_shift)
>         part_shift =
>
>         ...
>     }
>
> In this case alloc_disk() will be called with 1 as a parameter although
> part_shift should have been greater than 0. Maybe it would be better to move
> the call to a misc_register() function a bit further down (at least so it
> could be after the part_shift initialization)?

That looks a good idea, could you cook a patch to do it?

--
Ming Lei
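
Added example, not part of the original thread and not kernel code: a deterministic user-space model of the ordering discussed above, comparing registration before and after part_shift is initialized. The helpers shift_for(), concurrent_ioctl(), model_register() and run_init() are hypothetical names, and shift_for() is an assumed stand-in for the expression the quoted snippet elides.

```c
/* User-space model (added example); names below are hypothetical. */
#include <stdio.h>

static int max_part;            /* module parameter in the model */
static int part_shift;          /* read by the modelled ioctl path */
static int registered;          /* 1 once the control device is visible */
static int seen_minors;         /* value handed to the modelled alloc_disk() */

/* Assumed stand-in for the shift computation elided in the report. */
static int shift_for(int parts)
{
    int s = 0;
    while ((1 << s) <= parts)
        s++;
    return s;
}

/* Models Thread 2: loop_control_ioctl -> loop_add -> alloc_disk(). */
static void concurrent_ioctl(void)
{
    if (registered && seen_minors == 0)
        seen_minors = 1 << part_shift;
}

static void model_register(void)
{
    registered = 1;
    concurrent_ioctl();         /* earliest point at which Thread 2 can run */
}

/* Returns the minors count a racing ioctl would pass to alloc_disk(). */
int run_init(int parts, int register_first)
{
    max_part = parts;
    part_shift = registered = seen_minors = 0;
    if (register_first)
        model_register();       /* ordering described in the report */
    if (max_part > 0)
        part_shift = shift_for(max_part);
    if (!register_first)
        model_register();       /* ordering proposed in the report */
    return seen_minors;
}

int main(void)
{
    printf("register first: %d minors\n", run_init(15, 1));
    printf("register last:  %d minors\n", run_init(15, 0));
    return 0;
}
```

The model calls the ioctl path at the first instant the device is visible, which is the worst-case interleaving from the report; a real fix also has to undo earlier setup if the late registration fails.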