BUG: race-cond with partition-check and ll_rw_blk (all platforms,

COTTE@de.ibm.com
Thu, 7 Jun 2001 13:44:56 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David S. Miller: "Re: [PATCH] sockreg2.4.5-05 inet[6]_create() register/unregister table"
Previous message: L. K.: "Re: temperature standard - global config option?"

--0__=gByRxgghfeKtwg9JLuDAzCI7MZSQfLqSUbZPCLvOPdG8fxYFPqIkRQyb
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline

Hi kernel-list-readers!

We just had a problem when running some formatting-utils on
a large amount of disks synchronously: We got a NULL-pointer
violation when accessig blk_size[major] for our major number.
Further research showed, that grok_partitions was running at
that time, which has been called by register_disk, which our
device driver issues after a disk has been formatted.
Grok_partitions first initializes blk_size[major] with a NULL
pointer, detects the partitions and then assigns the original
value to blk_size[major] again.
Here's the interresting code from these functions, I cut some
irrelevant things out:
blk_size[dev->major] = NULL;
check_partition(dev, MKDEV(dev->major, first_minor), 1 + first_minor);
if (dev->sizes != NULL) {
blk_size[dev->major] = dev->sizes;
};
if (blk_size[major]) {
if (blk_size[major][MINOR(bh->b_rdev)]) {
printk(KERN_INFO
"attempt to access beyond end of device\n");
printk(KERN_INFO "%s: rw=%d, want=%ld, limit=%d\n",
kdevname(bh->b_rdev), rw,
(sector + count)>>1,
blk_size[major][MINOR(bh->b_rdev)]);
}

Can anyone explain to me, why grok_partitions has to clear
this pointer? Why is this all done without any lock which causes
race conditions all over the block-device layer (for example
generic_make_request() in ll_rw_blk.c first checks if the pointer
is set and afterwards accesses the array behind the pointer)?

mit freundlichem Gru
--0__=gByRxgghfeKtwg9JLuDAzCI7MZSQfLqSUbZPCLvOPdG8fxYFPqIkRQyb
Content-type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-transfer-encoding: quoted-printable

=DF / with kind regards
Carsten Otte

IBM Deutschland Entwicklung GmbH
Linux for 390/zSeries Development - Device Driver Team
Phone: +49/07031/16-4076
IBM internal phone: *120-4076

-- We are Linux. Resistance indicates that you're missing the point! =

--0__=gByRxgghfeKtwg9JLuDAzCI7MZSQfLqSUbZPCLvOPdG8fxYFPqIkRQyb--

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: David S. Miller: "Re: [PATCH] sockreg2.4.5-05 inet[6]_create() register/unregister table"
Previous message: L. K.: "Re: temperature standard - global config option?"