2011-02-24 14:49:08

by Miklos Szeredi

Subject: [PATCH] block: fix refcounting in BLKBSZSET

[and lkml cc-d too]

This fixes bug 29202 in the 2.6.38 regression list.

Please apply.

Thanks,
Miklos

----
Subject: block: fix refcounting in BLKBSZSET

From: Miklos Szeredi <[email protected]>

Adam Kovari and others reported that disconnecting a USB drive with
an ntfs-3g filesystem would cause "kernel BUG at fs/inode.c:1421!" to
be triggered.

The BUG could be traced back to ioctl(BLKBSZSET), which would
erroneously decrement the refcount on the bdev. This is because
blkdev_get() expects the refcount to be already incremented and either
returns success or decrements the refcount and returns an error.

The bug was introduced by e525fd89 (block: make blkdev_get/put()
handle exclusive access), which didn't take into account this behavior
of blkdev_get().

Reported-by: Adam Kovari <[email protected]>
CC: Tejun Heo <[email protected]>
Signed-off-by: Miklos Szeredi <[email protected]>
---
block/ioctl.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)

Index: linux.git/block/ioctl.c
===================================================================
--- linux.git.orig/block/ioctl.c 2011-01-18 09:02:44.000000000 +0100
+++ linux.git/block/ioctl.c 2011-02-24 14:23:56.000000000 +0100
@@ -294,9 +294,11 @@ int blkdev_ioctl(struct block_device *bd
return -EINVAL;
if (get_user(n, (int __user *) arg))
return -EFAULT;
- if (!(mode & FMODE_EXCL) &&
- blkdev_get(bdev, mode | FMODE_EXCL, &bdev) < 0)
- return -EBUSY;
+ if (!(mode & FMODE_EXCL)) {
+ bdgrab(bdev);
+ if (blkdev_get(bdev, mode | FMODE_EXCL, &bdev) < 0)
+ return -EBUSY;
+ }
ret = set_blocksize(bdev, n);
if (!(mode & FMODE_EXCL))
blkdev_put(bdev, mode | FMODE_EXCL);
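Review bot: the bdgrab(bdev) added ahead of blkdev_get() carries no comment, and without one it reads as a stray extra reference that a later cleanup could remove. The changelog gives the reason (blkdev_get() expects the refcount to be already incremented and decrements it on error); put that in a short comment above the call, and note there that on success the reference is released by the blkdev_put() in the trailing context.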


2011-02-24 14:55:58

by Tejun Heo

Subject: Re: [PATCH] block: fix refcounting in BLKBSZSET

On Thu, Feb 24, 2011 at 03:48:33PM +0100, Miklos Szeredi wrote:
> [and lkml cc-d too]
>
> This fixes bug 29202 in the 2.6.38 regression list.
>
> Please apply.
>
> Thanks,
> Miklos
>
> ----
> Subject: block: fix refcounting in BLKBSZSET
>
> From: Miklos Szeredi <[email protected]>
>
> Adam Kovari and others reported that disconnecting a USB drive with
> an ntfs-3g filesystem would cause "kernel BUG at fs/inode.c:1421!" to
> be triggered.
>
> The BUG could be traced back to ioctl(BLKBSZSET), which would
> erroneously decrement the refcount on the bdev. This is because
> blkdev_get() expects the refcount to be already incremented and either
> returns success or decrements the refcount and returns an error.
>
> The bug was introduced by e525fd89 (block: make blkdev_get/put()
> handle exclusive access), which didn't take into account this behavior
> of blkdev_get().
>
> Reported-by: Adam Kovari <[email protected]>
> CC: Tejun Heo <[email protected]>
> Signed-off-by: Miklos Szeredi <[email protected]>

Ah, it was me after all. Sorry about that.

Acked-by: Tejun Heo <[email protected]>

Thanks.

--
tejun
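The reference-count contract described in the commit message, as a user-space C model added here for illustration (not kernel code and not part of the posted patch). The `toy_*` names and the struct are hypothetical stand-ins for bdgrab(), blkdev_get() and blkdev_put(); the model assumes that blkdev_put() drops the reference blkdev_get() kept on success.

```c
#include <stdio.h>

/* Hypothetical stand-in for struct block_device: only what the model needs. */
struct toy_bdev {
    int refs;        /* reference count */
    int excl_holder; /* nonzero while someone holds the device exclusively */
};

static void toy_grab(struct toy_bdev *b)   { b->refs++; } /* models bdgrab() */
static void toy_putref(struct toy_bdev *b) { b->refs--; } /* models bdput() */

/* Models the blkdev_get() contract from the commit message: the caller must
 * already own one reference. On failure that reference is dropped; on
 * success it is kept until toy_put_excl(). */
static int toy_get_excl(struct toy_bdev *b)
{
    if (b->excl_holder) {
        toy_putref(b);
        return -1;
    }
    b->excl_holder = 1;
    return 0;
}

/* Models blkdev_put(): releases exclusivity and the reference. */
static void toy_put_excl(struct toy_bdev *b)
{
    b->excl_holder = 0;
    toy_putref(b);
}

/* One BLKBSZSET-style call on a device whose opener holds one reference.
 * Returns the change in refcount the call leaves behind (0 = balanced). */
int ioctl_ref_delta(int grab_first, int already_exclusive)
{
    struct toy_bdev b = { .refs = 1, .excl_holder = already_exclusive };

    if (grab_first)              /* the fix: take a reference to hand over */
        toy_grab(&b);
    if (toy_get_excl(&b) == 0)
        toy_put_excl(&b);
    return b.refs - 1;
}

int main(void)
{
    printf("pre-fix: ok=%d busy=%d\n", ioctl_ref_delta(0, 0), ioctl_ref_delta(0, 1));
    printf("fixed:   ok=%d busy=%d\n", ioctl_ref_delta(1, 0), ioctl_ref_delta(1, 1));
    return 0;
}
```

In the pre-fix ordering every call leaves the count one lower than it found it, on the success path as well as the busy path, so the opener's own reference is gone before the opener releases it.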

2011-02-24 15:09:41

by Mike Snitzer

Subject: Re: [PATCH] block: fix refcounting in BLKBSZSET

On Thu, Feb 24, 2011 at 9:48 AM, Miklos Szeredi <[email protected]> wrote:
> [and lkml cc-d too]
>
> This fixes bug 29202 in the 2.6.38 regression list.

It looks like this may fix bug 29792 too.

Mike

> Please apply.
>
> Thanks,
> Miklos
>
> ----
> Subject: block: fix refcounting in BLKBSZSET
>
> From: Miklos Szeredi <[email protected]>
>
> Adam Kovari and others reported that disconnecting a USB drive with
> an ntfs-3g filesystem would cause "kernel BUG at fs/inode.c:1421!" to
> be triggered.
>
> The BUG could be traced back to ioctl(BLKBSZSET), which would
> erroneously decrement the refcount on the bdev. This is because
> blkdev_get() expects the refcount to be already incremented and either
> returns success or decrements the refcount and returns an error.
>
> The bug was introduced by e525fd89 (block: make blkdev_get/put()
> handle exclusive access), which didn't take into account this behavior
> of blkdev_get().
>
> Reported-by: Adam Kovari <[email protected]>
> CC: Tejun Heo <[email protected]>
> Signed-off-by: Miklos Szeredi <[email protected]>
> ---
> ?block/ioctl.c | ? ?8 +++++---
> ?1 file changed, 5 insertions(+), 3 deletions(-)
>
> Index: linux.git/block/ioctl.c
> ===================================================================
> --- linux.git.orig/block/ioctl.c ? ? ? ?2011-01-18 09:02:44.000000000 +0100
> +++ linux.git/block/ioctl.c ? ? 2011-02-24 14:23:56.000000000 +0100
> @@ -294,9 +294,11 @@ int blkdev_ioctl(struct block_device *bd
> ? ? ? ? ? ? ? ? ? ? ? ?return -EINVAL;
> ? ? ? ? ? ? ? ?if (get_user(n, (int __user *) arg))
> ? ? ? ? ? ? ? ? ? ? ? ?return -EFAULT;
> - ? ? ? ? ? ? ? if (!(mode & FMODE_EXCL) &&
> - ? ? ? ? ? ? ? ? ? blkdev_get(bdev, mode | FMODE_EXCL, &bdev) < 0)
> - ? ? ? ? ? ? ? ? ? ? ? return -EBUSY;
> + ? ? ? ? ? ? ? if (!(mode & FMODE_EXCL)) {
> + ? ? ? ? ? ? ? ? ? ? ? bdgrab(bdev);
> + ? ? ? ? ? ? ? ? ? ? ? if (blkdev_get(bdev, mode | FMODE_EXCL, &bdev) < 0)
> + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? return -EBUSY;
> + ? ? ? ? ? ? ? }
> ? ? ? ? ? ? ? ?ret = set_blocksize(bdev, n);
> ? ? ? ? ? ? ? ?if (!(mode & FMODE_EXCL))
> ? ? ? ? ? ? ? ? ? ? ? ?blkdev_put(bdev, mode | FMODE_EXCL);
>
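Review bot: the rewritten check still returns -EBUSY for any negative result of blkdev_get(), so a failure for some other reason is reported to the BLKBSZSET caller as "busy". Since this block is being restructured anyway, consider keeping the return value in ret and returning it, or say in the changelog that -EBUSY is kept on purpose.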
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>

2011-02-24 15:20:36

by Florian Mickler

Subject: Re: [PATCH] block: fix refcounting in BLKBSZSET

Hi,

2011/2/24 Mike Snitzer <[email protected]>:
> On Thu, Feb 24, 2011 at 9:48 AM, Miklos Szeredi <[email protected]> wrote:
>> [and lkml cc-d too]
>>
>> This fixes bug 29202 in the 2.6.38 regression list.
>
> It looks like this may fix bug 29792 too.
>
> Mike
>
>> Please apply.
>>
>> Thanks,
>> Miklos
>>
>> ----
>> Subject: block: fix refcounting in BLKBSZSET
>>
>> From: Miklos Szeredi <[email protected]>
>>
>> Adam Kovari and others reported that disconnecting a USB drive with
>> an ntfs-3g filesystem would cause "kernel BUG at fs/inode.c:1421!" to
>> be triggered.
>>
>> The BUG could be traced back to ioctl(BLKBSZSET), which would
>> erroneously decrement the refcount on the bdev. This is because
>> blkdev_get() expects the refcount to be already incremented and either
>> returns success or decrements the refcount and returns an error.
>>
>> The bug was introduced by e525fd89 (block: make blkdev_get/put()
>> handle exclusive access), which didn't take into account this behavior
>> of blkdev_get().
>>

Putting a small reference to the bug reports in the changelog
(it is enough to have the bug number in there somewhere; grepping for
5-digit numbers doesn't turn up all too many false positives...)
helps with keeping track of the regressions and letting people know
that a fix / change was posted.

A line like "This fixes bug 29202." is sufficient.

Pasting a complete link (i.e.
https://bugzilla.kernel.org/show_bug.cgi?id=29202) would even allow
for an automated note in the bugzilla when it hits Linus' tree.

Cheers,
Flo